Skip to main content
Question

Veeam Software Appliance (VSA) how to enable cipher

  • December 18, 2025
  • 8 comments
  • 18 views
P

We’re setting up the Veeam Software Appliance (VSA). We got an error when we tried to connect to our storage device, "Failed to get certificate from: https://xxx.xxxxxx.xxx:5392." technical support has advised us to “ensure that the cipher suite 'TLS_RSA_WITH_AES_256_CBC_SHA256' is enabled on the Veeam appliance.”

The command “openssl version -d” returns “OPENSSLDIR: "/etc/pki/tls".” When I try to edit openssl.conf in that folder, I get an error, “E45: 'readonly' option is set”. How can I enable the cipher?

Thanks for reading.

    8 comments

    Chris.Childerhose
    Forum|alt.badge.img+21
    • Chris.Childerhose
    • Veeam Legend, Veeam Vanguard
    • December 18, 2025

    For this since you need to modify something in the VSA which is locked down you should contact Support.

     
     
     
    Chris Childerhose - VMCA2024 | VMCE2023 | VMCE-SP2024 | Veeam Vanguard 8* | Veeam Legend 5* | VUG Canada Leader | vExpert 6* | Toronto VMUG Leader | VCAP-DCV/VCP-DCV | Object First Ace | Cisco Champion | Twitter: @cchilderhose | Blog Site – https://just-virtualization.tech
    P
    • PGLamb
    • Author
    • New Here
    • December 18, 2025

    Thanks, Chris.

    I have contacted support and that’s why I'm here. They said to enable a cipher suite but did not give directions on how to do that. I asked but got no response. Do you know how to enable a cipher?

      Chris.Childerhose
      Forum|alt.badge.img+21
      • Chris.Childerhose
      • Veeam Legend, Veeam Vanguard
      • December 18, 2025

      Thanks, Chris.

      I have contacted support and that’s why I'm here. They said to enable a cipher suite but did not give directions on how to do that. I asked but got no response. Do you know how to enable a cipher?

      Not on the VSA appliance as that can be a daunting task.  I am truly surprised Support did not help you with this.  I would go back to them and ask for direction to ensure that you don’t mess anything up.

      Chris Childerhose - VMCA2024 | VMCE2023 | VMCE-SP2024 | Veeam Vanguard 8* | Veeam Legend 5* | VUG Canada Leader | vExpert 6* | Toronto VMUG Leader | VCAP-DCV/VCP-DCV | Object First Ace | Cisco Champion | Twitter: @cchilderhose | Blog Site – https://just-virtualization.tech
      Chris.Childerhose
      Forum|alt.badge.img+21
      • Chris.Childerhose
      • Veeam Legend, Veeam Vanguard
      • December 18, 2025

      Also not sure if the Ciphers are contained in a config file that is located in the Logs & Services > Host Configuration section of the MGMT UI but you can export and import those to make changes too.  That might be the way to do this if it is one of those files.

       
       
       
      Chris Childerhose - VMCA2024 | VMCE2023 | VMCE-SP2024 | Veeam Vanguard 8* | Veeam Legend 5* | VUG Canada Leader | vExpert 6* | Toronto VMUG Leader | VCAP-DCV/VCP-DCV | Object First Ace | Cisco Champion | Twitter: @cchilderhose | Blog Site – https://just-virtualization.tech
      P
      • PGLamb
      • Author
      • New Here
      • December 18, 2025

      Yeah, I’m surprised too. Without the cipher we won’t be able to use the VSA. Our backup target is an HPE Nimble Storage NAS.

      Tech support said,

      “The error ... indicates a TLS handshake or cipher suite mismatch between the Veeam appliance and the Nimble storage. This is a known issue with Nimble integrations. To resolve this, ensure that the cipher suite 'TLS_RSA_WITH_AES_256_CBC_SHA256' is enabled on the Veeam appliance. Consult your Linux distribution's documentation for enabling specific TLS ciphers.”

       I’m disappointed as our VP was excited to finally be able to have immutable backups.

        Chris.Childerhose
        Forum|alt.badge.img+21
        • Chris.Childerhose
        • Veeam Legend, Veeam Vanguard
        • December 18, 2025

        Yeah, I’m surprised too. Without the cipher we won’t be able to use the VSA. Our backup target is an HPE Nimble Storage NAS.

        Tech support said,

        “The error ... indicates a TLS handshake or cipher suite mismatch between the Veeam appliance and the Nimble storage. This is a known issue with Nimble integrations. To resolve this, ensure that the cipher suite 'TLS_RSA_WITH_AES_256_CBC_SHA256' is enabled on the Veeam appliance. Consult your Linux distribution's documentation for enabling specific TLS ciphers.”

         I’m disappointed as our VP was excited to finally be able to have immutable backups.

        I would escalate that ticket to get a response from Support on where/how to change the ciphers.  To me the answer is level 1 who does not know fully about the VSA and how editing it is different from Windows and even prior releases.

         
         
         
        Chris Childerhose - VMCA2024 | VMCE2023 | VMCE-SP2024 | Veeam Vanguard 8* | Veeam Legend 5* | VUG Canada Leader | vExpert 6* | Toronto VMUG Leader | VCAP-DCV/VCP-DCV | Object First Ace | Cisco Champion | Twitter: @cchilderhose | Blog Site – https://just-virtualization.tech
        Andanet
        Forum|alt.badge.img+12
        • Andanet
        • Veeam Legend
        • December 18, 2025

        We’re setting up the Veeam Software Appliance (VSA). We got an error when we tried to connect to our storage device, "Failed to get certificate from: https://xxx.xxxxxx.xxx:5392." technical support has advised us to “ensure that the cipher suite 'TLS_RSA_WITH_AES_256_CBC_SHA256' is enabled on the Veeam appliance.”

        The command “openssl version -d” returns “OPENSSLDIR: "/etc/pki/tls".” When I try to edit openssl.conf in that folder, I get an error, “E45: 'readonly' option is set”. How can I enable the cipher?

        Thanks for reading.

        about your question to enable the cipher you can read the documentation at this link

        https://helpcenter.veeam.com/docs/vbr/userguide/communications_encryption.html?ver=13

        there are 3 paragraphs that speaks about encryption. 

         

         

         

        Antonio D'Andrea | VMCE 2021 | VMCA 2022 | VMTSP2024 | Veeam Legend | VUG Italy Leader | Object First Ace | VCP6-DCV | I want it written on my tombstone "Please start a restore to the last valid backup"
          Chris.Childerhose
          Forum|alt.badge.img+21
          • Chris.Childerhose
          • Veeam Legend, Veeam Vanguard
          • December 18, 2025

          We’re setting up the Veeam Software Appliance (VSA). We got an error when we tried to connect to our storage device, "Failed to get certificate from: https://xxx.xxxxxx.xxx:5392." technical support has advised us to “ensure that the cipher suite 'TLS_RSA_WITH_AES_256_CBC_SHA256' is enabled on the Veeam appliance.”

          The command “openssl version -d” returns “OPENSSLDIR: "/etc/pki/tls".” When I try to edit openssl.conf in that folder, I get an error, “E45: 'readonly' option is set”. How can I enable the cipher?

          Thanks for reading.

          about your question to enable the cipher you can read the documentation at this link

          https://helpcenter.veeam.com/docs/vbr/userguide/communications_encryption.html?ver=13

          there are 3 paragraphs that speaks about encryption. 

           

           

           

          That doesn't explain how to enable what the OP needs though.

          Chris Childerhose - VMCA2024 | VMCE2023 | VMCE-SP2024 | Veeam Vanguard 8* | Veeam Legend 5* | VUG Canada Leader | vExpert 6* | Toronto VMUG Leader | VCAP-DCV/VCP-DCV | Object First Ace | Cisco Champion | Twitter: @cchilderhose | Blog Site – https://just-virtualization.tech
          Terms & ConditionsAccessibility statement