[["Last updated: 2025-09-04 (UTC)."],[[["\u003cp\u003eThis page provides instructions on how to add and manage third-party certificates for the Backup and DR Service.\u003c/p\u003e\n"],["\u003cp\u003eCertificates are validated through Certificate Revocation Lists (CRL) or Online Certificate Status Protocol (OCSP), and if these endpoints are unreachable, the certificate is still treated as valid.\u003c/p\u003e\n"],["\u003cp\u003eAdding a certificate requires either copying and pasting it into the designated box or uploading the certificate file through the \u003cstrong\u003eManage\u003c/strong\u003e > \u003cstrong\u003eCertificates\u003c/strong\u003e page.\u003c/p\u003e\n"],["\u003cp\u003eTo delete a certificate, you must right-click it on the \u003cstrong\u003eManage\u003c/strong\u003e > \u003cstrong\u003eCertificates\u003c/strong\u003e page and confirm the deletion.\u003c/p\u003e\n"],["\u003cp\u003eYou must allow an egress connection from the backup/recovery appliance to the OCSP or CRL endpoints using Cloud NAT for the certificate validation to take place.\u003c/p\u003e\n"]]],[],null,["# Third-party service certificate\n\nThis page explains how to add and manage third-party certificates used by the\nBackup and DR Service.\n\nBackup and DR Service can connect to the external endpoint of a third-party\nservice only if the endpoint has a valid certificate issued by a public\nCertificate Authority (CA) associated with it. If the endpoint doesn't have a\ncertificate, you need to add one to it.\n\nA certificate is validated either through certificate revocation lists (CRL)\nor Online Certificate Status Protocol (OCSP). 
If the CRL or OCSP endpoints\nare not reachable, the certificate is treated as valid and an event is\ngenerated. You can track these events on the **Monitor** \\\u003e **Events** page.\n\nBefore you begin\n----------------\n\nAllow an egress connection from the backup/recovery appliance to the OCSP\nor CRL endpoints of the certificate using [Cloud NAT](/nat/docs/set-up-manage-network-address-translation). By default,\nCloud NAT has access to all the primary and secondary IP ranges of all\nsubnets in the region of a Virtual Private Cloud (VPC) network. To limit Cloud NAT access to only the subnet where the appliance is deployed, see [Specify subnet ranges for NAT](/nat/docs/set-up-manage-network-address-translation#specify_subnet_ranges_for_nat).\n\nIAM roles and permissions\n-------------------------\n\nThe following permissions are required for third-party certificate\noperations:\n\n- `backupdr.managementServers.manageSystem` and `backupdr.managementServers.viewSystem` for adding or deleting certificates\n- `backupdr.managementServers.viewSystem` for viewing certificates\n\nAdd a certificate\n-----------------\n\nYou can add a private CA-issued or self-signed certificate to a third-party\nservice endpoint using the **Manage** \\\u003e **Certificates** page. For example,\nif a vCenter is using a private CA or self-signed certificate, you need to add\nthe certificate to the management console.\n\nUse the following instructions to add a third-party certificate:\n\n1. Click **Manage** \\\u003e **Certificates**.\n2. Click **Add Certificate**.\n3. You can add the certificate in either of the following ways:\n\n   - Copy the certificate and paste it in the **Certificate** box.\n   - Click **Choose File** and upload the certificate.\n4. Click **Upload**.\n\nDelete a certificate\n--------------------\n\nUse the following instructions to delete a certificate:\n\n1. Click **Manage** \\\u003e **Certificates**.\n2. Right-click the certificate that you want to remove and select **Delete**.\n3. 
Click **Delete** in the confirmation dialog.\n\nWhat's next\n-----------\n\n- [Add vCenter and ESX server hosts](/backup-disaster-recovery/docs/configuration/add-vcenter-host)\n- [Discover and protect VMware VMs](/backup-disaster-recovery/docs/configuration/discover-and-protect-vms)"]]