Ransomware attackers specifically target and attempt to destroy backup systems to increase the probability of payment. Hardening your system is critical. Please ensure you have reviewed your platform security using the Security Hardening Checklist.
NetBackup™ Security and Encryption Guide

Generating a certificate on a clustered master server after disaster recovery installation

After you complete the disaster recovery of a clustered master server, you must generate a certificate on the active node as well as all inactive nodes. This procedure is required for successful backups and restores of the cluster.

Generating the local certificate on each cluster node after disaster recovery installation

  1. Add all inactive nodes to the cluster.

    If some nodes are not currently part of the cluster, start by adding them to the cluster. Consult your operating system's cluster instructions for assistance with this process.

    More information about supported cluster technologies is available. Please see the NetBackup Clustered Master Server Administrator's Guide.

  2. Run the nbcertcmd command to store the Certificate Authority certificate.

    UNIX: /usr/openv/netbackup/bin/nbcertcmd -getCACertificate

    Windows: install_path\Veritas\NetBackup\bin\nbcertcmd -getCACertificate

  3. Use the bpnbat command as shown to authorize the necessary changes. When you are prompted for the authentication broker, enter the virtual server name, not the local node name.

    bpnbat -login -loginType WEB

  4. Use the nbcertcmd command to create a reissue token. The hostname is the local node name. When the command runs, it displays the token string value. A unique reissue token is needed for each cluster node.

    nbcertcmd -createtoken -name token_name -reissue -host hostname

  5. Use the reissue token with the nbcertcmd command to store the host certificate. This command prompts you for the token string value. Enter the token string from the nbcertcmd -createToken command.

    nbcertcmd -getCertificate -token

Additional information is available. Please see the section on deploying certificates on master server nodes in the Veritas NetBackup Security and Encryption Guide.

See Disaster recovery packages.
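The script below is an added example, not NetBackup product code: it prints the command sequence from steps 2 through 5 for each cluster node so the plan can be reviewed before anyone types it. It refuses to continue when the virtual server name and a local node name are the same or when a node is listed twice. The `dr_reissue_<node>` token naming scheme, the `NBU_BIN` variable, the function names, and the location of `bpnbat` in the same bin directory are assumptions.

```shell
#!/bin/sh
# Added example (not NetBackup product code): prints the per-node command
# sequence from steps 2-5 so it can be reviewed before it is typed.
# Assumptions: the UNIX bin path shown in step 2 (bpnbat is assumed to live
# there too) and a hypothetical token naming scheme, dr_reissue_<node>.
NBU_BIN="${NBU_BIN:-/usr/openv/netbackup/bin}"

# One token name per node; characters outside [A-Za-z0-9_] become "_".
token_name_for() {
    printf 'dr_reissue_%s\n' "$(printf '%s' "$1" | tr -c 'A-Za-z0-9_' '_')"
}

# plan_node VIRTUAL_SERVER_NAME LOCAL_NODE_NAME
plan_node() {
    virtual="$1"; node="$2"
    if [ -z "$virtual" ] || [ -z "$node" ]; then
        echo "usage: plan_node VIRTUAL_SERVER_NAME LOCAL_NODE_NAME" >&2
        return 2
    fi
    # Step 3 takes the virtual name, step 4 the local node name; identical
    # values mean the two have been mixed up.
    if [ "$virtual" = "$node" ]; then
        echo "error: virtual server name equals node name '$node'" >&2
        return 1
    fi
    echo "$NBU_BIN/nbcertcmd -getCACertificate"
    echo "$NBU_BIN/bpnbat -login -loginType WEB   # authentication broker: $virtual"
    echo "$NBU_BIN/nbcertcmd -createtoken -name $(token_name_for "$node") -reissue -host $node"
    echo "$NBU_BIN/nbcertcmd -getCertificate -token   # enter the token string printed above"
}

# plan_cluster VIRTUAL_SERVER_NAME NODE...
plan_cluster() {
    [ "$#" -ge 2 ] || { echo "usage: plan_cluster VIRTUAL NODE..." >&2; return 2; }
    virtual="$1"; shift
    dupes=$(printf '%s\n' "$@" | sort | uniq -d)
    if [ -n "$dupes" ]; then
        echo "error: node listed twice: $dupes" >&2
        return 1
    fi
    for n in "$@"; do
        echo "## run on node $n"
        plan_node "$virtual" "$n" || return $?
    done
}

if [ "$#" -gt 0 ]; then plan_cluster "$@"; fi
```

The token string itself is never captured by the script; it is still entered by hand at the `-getCertificate -token` prompt on the node it was created for.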
