SSL certificates

Acronis Backup & Recovery 10 components use Secure Sockets Layer (SSL) certificates for secure authentication.

SSL certificates for the components can be one of two types:

  • Self-signed certificates, such as certificates automatically generated during the installation of an Acronis component.
  • Non-self-signed certificates, such as certificates issued by a third-party Certificate Authority (CA)—for example, by a public CA such as VeriSign® or Thawte™—or by your organization’s CA.

Certificate path

All Acronis components installed on a machine, when acting as a server application, use an SSL certificate called the server certificate.

In Windows, the certificate path and the server certificate’s file name are specified in the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Acronis\Encryption\Server. The default path is %SystemDrive%\Program Files\Common Files\Acronis\Agent.

For self-signed certificates, the certificate thumbprint (also known as fingerprint or hash) is used for future host identification: if a client has previously connected to a server by using a self-signed certificate and tries to establish connection again, the server checks whether the certificate’s thumbprint is the same as the one used before.

Self-signed certificates

On machines running Windows, if the certificate location contains no server certificate, a self-signed server certificate is automatically generated and installed during the installation of any Acronis component except Acronis Backup & Recovery 10 Management Console.

If the machine is renamed after its self-signed certificate was generated, the certificate cannot be used and you will need to generate a new one.

To generate a new self-signed certificate

  1. Log on as a member of the Administrators group.
  2. In the Start menu, click Run, and then type: cmd
  3. Run the following command (note quotation marks):

    "%CommonProgramFiles%\Acronis\Utils\acroniscert" --reinstall

  4. Restart Windows, or restart the running Acronis services.

Non-self-signed certificates

As an alternative to self-signed certificates, you can use trusted third-party certificates or certificates created by your organization’s CA, by using the Acronis Certificate Command-line Utility.

To install a third-party certificate

  1. Click Start, then click Run, and then type: certmgr.msc
  2. In the Certificates console, double-click the name of the certificate that you want to install.
  3. In the Details tab, in the list of fields, click Thumbprint.
  4. Select and copy the field’s value, called a certificate thumbprint—a string such as 20 99 00 b6 3d 95 57 28 14 0c d1 36 22 d8 c6 87 a4 eb 00 85
  5. In the Start menu, click Run, and then type the following in the Open box:

    "%CommonProgramFiles%\Acronis\Utils\acroniscert.exe" --install "20 99 00 b6 3d 95 57 28 14 0c d1 36 22 d8 c6 87 a4 eb 00 85"

    (Note quotation marks; substitute the sample thumbprint shown here with that of your certificate.)
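
The thumbprint used above, both for host identification and for the --install argument, is the SHA-1 digest of the DER-encoded certificate. The following Python sketch is an added example, not Acronis code: it cleans a thumbprint copied from the Certificates console and performs a first-use comparison of the kind described under Certificate path. The function names, the KnownHosts class and the sample certificate bytes are assumptions made for illustration.

```python
import hashlib
import hmac
import re
import unicodedata

# Constructed stand-ins for DER-encoded certificates; real input would be the
# certificate bytes read from a .cer file or taken from the TLS connection.
CERT_A = b"constructed DER bytes for certificate A"
CERT_B = b"constructed DER bytes for certificate B"


def normalize_thumbprint(text):
    """Reduce a thumbprint copied from the Certificates console to 40 hex digits."""
    # Drop separators and invisible format characters (Unicode category Cf),
    # e.g. the U+200E mark that can precede a value copied from the Details tab.
    kept = [c for c in text
            if not c.isspace() and c != ":" and unicodedata.category(c) != "Cf"]
    cleaned = "".join(kept).lower()
    if not re.fullmatch(r"[0-9a-f]{40}", cleaned):
        raise ValueError("expected a 20-byte SHA-1 thumbprint in hex")
    return cleaned


def display_form(thumbprint):
    """Format as space-separated byte pairs, the form shown on this page."""
    return " ".join(thumbprint[i:i + 2] for i in range(0, len(thumbprint), 2))


def thumbprint_of(der_bytes):
    """Windows thumbprint: SHA-1 digest of the DER-encoded certificate."""
    return hashlib.sha1(der_bytes).hexdigest()


class KnownHosts:
    """Remembers the thumbprint first seen for each host (hypothetical helper)."""

    def __init__(self):
        self._seen = {}

    def check(self, host, der_bytes):
        presented = thumbprint_of(der_bytes)
        known = self._seen.get(host.lower())
        if known is None:
            self._seen[host.lower()] = presented  # first connection: remember it
            return "first-use"
        return "match" if hmac.compare_digest(known, presented) else "mismatch"
```

A "mismatch" result means the host now presents a different certificate than it did on first contact, which is expected after the certificate is regenerated and otherwise warrants investigation before the new thumbprint is accepted.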
