Ransomware attackers specifically target and attempt to destroy backup systems to increase the probability of payment. Hardening your system is critical. Please ensure you have reviewed your platform security using the Security Hardening Checklist
Cohesity

COHESITY Documentation

Explore our documentation to get started, discover products & new features, access troubleshooting guides, register sources, platforms support.

Products
Data Security Alliance
Visit Cohesity.com
Demos
Support
Blogs
Developers
Partner Portals
Cohesity Community
© 2026 Cohesity, Inc. All Rights Reserved.
Terms of Use|
Privacy Policy|
Legal|
  1. Home
  3. NetBackup™ Security and Encryption Guide
  5. Section II. Encryption of data-in-transit
  7. External CA and external certificates
  9. About certificate revocation lists for external CA
  11. How CRLs from CDP URLs are used
NetBackup™ Security and Encryption Guide

How CRLs from CDP URLs are used

Use this section if you want to use CRL Distribution Point (CDP) as the CRL source for the NetBackup CRL cache.

To use CRLs from CDP

  1. Ensure that the ECA_CRL_PATH configuration option is not specified.
  2. Ensure that the host can access the URLs that are specified in the peer host's CDP.
  3. Ensure that the ECA_CRL_CHECK configuration option is set to a value other than DISABLE.

    During host communication, the revocation status of the external certificate is verified with the CRL in the NetBackup CRL cache that contains the CRLs from CDP URLs.

    By default, CRLs are downloaded from the CDP after every 24 hours and updated in the CRL cache. To change the time interval, set the ECA_CRL_REFRESH_HOURS configuration option to a different value.

    To manually delete the CRLs from the CRL cache, run the nbcertcmd -cleanupCRLCache command.

Feedback

Was this page helpful?
Previous

How CRLs from ECA_CRL_PATH are used

Next

About certificate enrollment

Feedback

Was this page helpful?