If you want to have a trusted SSL certificate and have your own ca to sign it, you can easily exchange the certificate used by the proxmox-backup-server.

I will assume that you already have your own certificate for this.

Changing the Certificate

Proxmox-Backup-Server uses the certificate and key under /etc/proxmox-backup/proxy.pem and /etc/proxmox-backup/proxy.key.
To be save I will rename them to keep a backup, even though you can regenerate a new pair if needed.

$ cd /etc/proxmox-backup
$ mv proxy.pem proxy.pem.bk
$ mv proxy.key proxy.key.bk

Next we will place our own certificate and key in that place. Obviously the path to your certificate may differ. Mine is placed under /root/.

$ cp /root/proxmox-backup-server-01.cert /etc/proxmox-backup/proxy.pem
$ cp /root/proxmox-backup-server-01.key /etc/proxmox-backup/proxy.key
$ chmod 0640 proxy.key proxy.pem
$ chown root:backup proxy.key proxy.pem

The last step will be to reload the service. That is when the certificates are loaded.

$ systemclt reload proxmox-backup-proxy

If you get an error, take a look at the journalctl. It will probably tell you your error.
If you get no error, your server should now be reachable with the new certificate.

Update Fingerprint in Proxmox

It is important to connect to your proxmox-server and update the fingerprint of the pbs, since the fingerprint represents the ssl-certificate. If you skip this step, your next backup job will fail.

Revert Changes

If you want to revert your changes, you can do so.

$ proxmox-backup-manager cert update --force
$ systemctl reload proxmox-backup-proxy