Ransomware attackers specifically target and attempt to destroy backup systems to increase the probability of payment. Hardening your system is critical. Please ensure you have reviewed your platform security using the Security Hardening Checklist
Cohesity

COHESITY Documentation

Explore our documentation to get started, discover products & new features, access troubleshooting guides, register sources, platforms support.

Products
Data Security Alliance
Visit Cohesity.com
Demos
Support
Blogs
Developers
Partner Portals
Cohesity Community
© 2026 Cohesity, Inc. All Rights Reserved.
Terms of Use|
Privacy Policy|
Legal|
  1. Home
  3. NetBackup™ Security and Encryption Guide
  5. Section II. Encryption of data-in-transit
  7. NetBackup CA and NetBackup certificates
  9. About host ID-based certificates
  11. About host ID-based certificate expiration and renewal
NetBackup™ Security and Encryption Guide

About host ID-based certificate expiration and renewal

NetBackup host ID-based certificates expire one year after their issue date. They are automatically renewed 180 days before the expiration date. A certificate renewal request is sent periodically until a certificate is successfully renewed. Automatic renewal ensures that the renewal process is transparent to the users.

Note:

You can disable automatic renewal of host-ID based certificates using the DISABLE_CERT_AUTO_RENEW parameter from the NetBackup configuration file (the Windows registry or the bp.conf file on UNIX).

For more information, see the NetBackup Administrator's Guide, Volume I.

The renewal request is always authenticated using the existing certificate. Hence, the renewal process does not require the use of an authorization token, regardless of the certificate deployment security level.

If the existing certificate has not expired, the host administrator can initiate a manual renewal request, as described in the following procedure.

To renew a host ID-based certificate manually

  • The host administrator runs the following command on the non-master host:

    nbcertcmd -renewCertificate

    • Certificates corresponding to NetBackup domains other than the primary domain can be manually renewed by specifying the -server option.

    • Use the -cluster option to renew the cluster certificate of NetBackup clustered server.

In a scenario where the certificate has expired, the administrator of the host must manually reissue the certificate.

See About reissuing host ID-based certificates.

Feedback

Was this page helpful?
Previous

Deploying certificates on a client that has no connectivity with the primary server

Next

Deleting sensitive certificates and keys from media servers and clients

Feedback

Was this page helpful?