Ransomware attackers specifically target and attempt to destroy backup systems to increase the probability of payment. Hardening your system is critical. Please ensure you have reviewed your platform security using the Security Hardening Checklist
Cohesity

COHESITY Documentation

Explore our documentation to get started, discover products & new features, access troubleshooting guides, register sources, platforms support.

Products
Data Security Alliance
Visit Cohesity.com
Demos
Support
Blogs
Developers
Partner Portals
Cohesity Community
© 2026 Cohesity, Inc. All Rights Reserved.
Terms of Use|
Privacy Policy|
Legal|
  1. Home
  3. NetBackup™ Security and Encryption Guide
  5. Section II. Encryption of data-in-transit
  7. NetBackup CA and NetBackup certificates
  9. About host ID-based certificates
  11. Setting up trust with the master server (Certificate Authority)
  13. Finding and communicating the fingerprint of the certificate authority
NetBackup™ Security and Encryption Guide

Finding and communicating the fingerprint of the certificate authority

The master server administrator must find the fingerprint of the CA certificate and communicate it to the administrator of the individual host so that the host can add the CA certificate to its trust store.

Both SHA-1 or SHA-256 fingerprints are supported.

To find the fingerprint of the CA certificate

  1. The master server administrator can find the fingerprint using the NetBackup Administration Console or the command line:

    Using the NetBackup Administration Console:

    • Expand Security Management > Certificate Management.

    • On the Actions menu, select View Certificate Authority. The Certificate Authority Details dialog appears.

    • The following information is displayed:

      Subject Name

      Identifies the certificate for the desired master server.

      Start Date

      The date when the certificate is activated.

      Expiry Date

      The date when the certificate expires.

      SHA-1 Fingerprint

      The hash value of the certificate that is calculated using the SHA-1 algorithm.

      SHA-256 Fingerprint

      The hash value of the certificate that is calculated using the SHA-256 algorithm.

      Copy

      Use this option to help the administrator communicate the SHA-1 or SHA-256 fingerprint to the host administrator.

    Using the command line:

    • Run the following command on the master server to view the Root Certificate Fingerprint:

      nbcertcmd -listCACertDetails

    If multiple CA certificates are displayed, use the Subject Name.

  2. The master server administrator communicates the fingerprint to the host administrator by email, by file, or on an internal web site.

    The host administrator uses the fingerprint value to verify the fingerprint that is displayed when the host runs nbcertcmd -getCACertificate. This verifies the authenticity of the CA certificate.

Using the vssat command to view the CA certificate fingerprint

The vssat command can also be used to view the CA certificate fingerprint. Use vssat with the following options:

vssat showcred -p nbatd

However, note the following differences between using nbcertcmd -listCACertDetails and vssat:

  • vssat displays the fingerprint as a hash and does not include colon separators.

  • If the host trusts multiple Certificate Authorities, the nbcertcmd command displays all CA certificates. The Subject Name displays the identity of the CA.

Feedback

Was this page helpful?
Previous

Setting up trust with the master server (Certificate Authority)

Next

Forcing or overwriting certificate deployment

Feedback

Was this page helpful?