Changing the SSL certificate settings

This section describes how to change the self-signed Secure Socket Layer (SSL) certificate generated by the management server to a certificate issued by a trusted certificate authority, such as GoDaddy, Comodo, or GlobalSign. If you do this, the certificate used by the management server will be trusted on any machine. The browser security alert will not appear when logging in to the backup console by using the HTTPS protocol.

Optionally, you can configure the management server to prohibit accessing the backup console via HTTP, by redirecting all users to HTTPS.

To change the SSL certificate settings

  1. Ensure that you have all of the following:

    • The certificate file (.pem, .cert, or other format)
    • The file with the private key for the certificate (usually .key)
    • The private key passphrase, if the key is encrypted
  2. Copy the files to the machine running the management server.

  3. On this machine, open the following configuration file with a text editor:

    • In Windows: %ProgramData%\Acronis\ApiGateway\api_gateway.json
    • In Linux: /var/lib/Acronis/ApiGateway/api_gateway.json

  4. Locate the following section:

    "tls": {
        "cert_file": "cert.pem",
        "key_file": "key.pem",
        "passphrase": "",
        "auto_redirect": false
    }

  5. Between the quotation marks in the "cert_file" line, specify the full path to the certificate file. For example:

    • In Windows (note the forward slashes): "cert_file": "C:/certificate/local-domain.ams.cert"
    • In Linux: "cert_file": "/home/user/local-domain.ams.cert"

  6. Between the quotation marks in the "key_file" line, specify the full path to the private key file. For example:

    • In Windows (note the forward slashes): "key_file": "C:/certificate/private.key"
    • In Linux: "key_file": "/home/user/private.key"
  7. If the private key is encrypted, between the quotation marks in the "passphrase" line, specify the private key passphrase. For example: "passphrase": "my secret passphrase"
  8. If you want to prohibit accessing the backup console via HTTP, by redirecting all users to HTTPS, change the "auto_redirect" value from false to true. Otherwise, skip this step.

  9. Save the api_gateway.json file.

    Please be careful and do not accidentally delete any commas, brackets, and quotation marks in the configuration file.

  10. Restart Acronis Service Manager Service as described below.

To restart Acronis Service Manager Service in Windows

  1. In the Start menu, click Run, and then type: cmd
  2. Click OK.

  3. Run the following commands:

    net stop asm
    net start asm

To restart Acronis Service Manager Service in Linux

  1. Open Terminal.

  2. Run the following command in any directory:

    sudo service acronis_asm restart