Overview of security certificates in NetBackup
NetBackup uses security certificates to authenticate NetBackup hosts. The security certificates conform to the X.509 Public Key Infrastructure (PKI) standard. A primary server acts as the Certificate Authority (CA) and issues digital certificates to hosts.
Any security certificates that were generated before NetBackup 8.0 are referred to as host name-based certificates. NetBackup is in the process of replacing these older certificates with newer host ID-based certificates. The transition will be completed in future releases and the use of host name-based certificates will be eliminated.
However, the transition is on-going and NetBackup continues to require the older host name-based certificates for some operations. The following table lists various operations where host name-based certificate is required.
Note:
All NetBackup 8.1 hosts must have a host ID-based certificate.
Table: Host name-based certificate requirements for NetBackup 8.1 hosts
Operation or component | Type of certificate required |
|---|---|
NetBackup Access Control (NBAC) | If NBAC is enabled on a NetBackup host, the host requires a host name-based certificate. These are automatically deployed when NBAC is enabled. |
Enhanced Auditing operations | Enhanced Auditing operations require that the hosts have host name-based certificates. |
Cloud storage | This is applicable to NetBackup media server versions 8.0 to 8.1.2 only. The NetBackup CloudStore Service Container requires that the host name-based certificate be installed on the media server. If the certificate is not installed, the Service Container cannot start. See Deploying host name-based certificates. For more information, see the NetBackup Cloud Administrator's Guide. |