Ransomware attackers specifically target and attempt to destroy backup systems to increase the probability of payment. Hardening your system is critical. Please ensure you have reviewed your platform security using the Security Hardening Checklist
Cohesity

COHESITY Documentation

Explore our documentation to get started, discover products & new features, access troubleshooting guides, register sources, platforms support.

Products
Data Security Alliance
Visit Cohesity.com
Demos
Support
Blogs
Developers
Partner Portals
Cohesity Community
© 2026 Cohesity, Inc. All Rights Reserved.
Terms of Use|
Privacy Policy|
Legal|
  1. Home
  3. NetBackup™ Security and Encryption Guide
  5. Section II. Encryption of data-in-transit
  7. NetBackup CA and NetBackup certificates
  9. About host ID-based certificates
  11. About reissuing host ID-based certificates
NetBackup™ Security and Encryption Guide

About reissuing host ID-based certificates

A certificate must be reissued in any of the following cases:

  • The certificate was revoked, and you later determine that you can trust that host again.

  • The certificate expired.

  • NetBackup was reinstalled on the host where a certificate was already issued.

  • The name of the host was changed.

  • The key pair for the host was changed.

Reissuing a certificate is one way to prevent malicious users from assuming the identity of an existing NetBackup host that is already registered with the NetBackup master server. In most cases, a reissue token is required for certificate reissue.

  • Reissuing a host ID-based certificate for a NetBackup host is different from deploying the certificate for the first time. Use the following procedure to reissue a certificate.

    See Creating a reissue token.

  • Once a reissue token is obtained, the certificate reissue process is similar to manual certificate deployment with an authorization token.

    See Deploying host ID-based certificates.

When the master server receives a certificate reissue request, it first revokes all the previously valid certificates for that host and then generates a new certificate when required.

Feedback

Was this page helpful?
Previous

Cleaning host ID-based certificate information from a host before cloning a virtual machine

Next

Creating a reissue token

Feedback

Was this page helpful?