Ransomware attackers specifically target and attempt to destroy backup systems to increase the probability of payment. Hardening your system is critical. Please ensure you have reviewed your platform security using the Security Hardening Checklist
Cohesity

COHESITY Documentation

Explore our documentation to get started, discover products & new features, access troubleshooting guides, register sources, platforms support.

Products
Data Security Alliance
Visit Cohesity.com
Demos
Support
Blogs
Developers
Partner Portals
Cohesity Community
© 2026 Cohesity, Inc. All Rights Reserved.
Terms of Use|
Privacy Policy|
Legal|
  1. Home
  3. NetBackup™ Security and Encryption Guide
  5. Section II. Encryption of data-in-transit
  7. External CA and external certificates
  9. Workflow to use external certificates for NetBackup host communication
NetBackup™ Security and Encryption Guide

Workflow to use external certificates for NetBackup host communication

To configure NetBackup to use external CA-signed certificates for secure communication, you should carry out the following steps in the given order:

Table: Workflow to use external certificates for NetBackup host communication

Step

Description

Step 1

Ensure the following:

  • The external certificates for the web server, primary server, and all hosts are placed at the appropriate locations.

  • In case of file-based certificates, the private key files for the external certificates are placed at the appropriate locations.

    See ECA_PRIVATE_KEY_PATH for NetBackup servers and clients.

    If the private keys are encrypted, passphrase files should be placed at the appropriate locations.

    See ECA_KEY_PASSPHRASEFILE for NetBackup servers and clients.

  • The CRLs are placed at the required locations on the hosts as per their CRL configuration options and they are accessible.

    See About certificate revocation lists for external CA.

Step 2

Install the NetBackup software on the primary server (or upgrade the primary server).

Step 3

Enable the NetBackup domain to use external certificates by configuring the NetBackup web server.

See Configuring an external certificate for the NetBackup web server.

Step 4

Configure an external certificate for the NetBackup primary server host.

See Configuring the primary server to use an external CA-signed certificate.

Step 5

Install the NetBackup software on the media server and clients (or upgrade the media server and clients). If the primary server is configured to use external certificates, the Installer prompts you to provide external certificate information for the host.

Step 6

Note:

This step is required for the hosts (media server and clients) that have the current NetBackup software, but are not configured to use external certificate.

NetBackup hosts may not have external certificate configuration because of the following reasons:

  • You did not provide the external certificate information during installation or upgrade of the host.

  • The NetBackup primary server was not configured to use external certificates during installation or upgrade of the host.

Configure an external certificate for a NetBackup host (media server or client) after installation.

See Configuring a NetBackup host (media server, client, or cluster node) to use an external CA-signed certificate after installation.

Feedback

Was this page helpful?
Previous

Command-line options used for external certificate configuration

Next

Configuration options for external CA-signed certificates

Feedback

Was this page helpful?