Ransomware attackers specifically target and attempt to destroy backup systems to increase the probability of payment. Hardening your system is critical. Please ensure you have reviewed your platform security using the Security Hardening Checklist
Cohesity

COHESITY Documentation

Explore our documentation to get started, discover products & new features, access troubleshooting guides, register sources, platforms support.

Products
Data Security Alliance
Visit Cohesity.com
Demos
Support
Blogs
Developers
Partner Portals
Cohesity Community
© 2026 Cohesity, Inc. All Rights Reserved.
Terms of Use|
Privacy Policy|
Legal|
  1. Home
  3. NetBackup™ Security and Encryption Guide
  5. Section II. Encryption of data-in-transit
  7. NetBackup CA and NetBackup certificates
  9. Migrating NetBackup CA
  11. Decommissioning the inactive NetBackup CA
NetBackup™ Security and Encryption Guide

Decommissioning the inactive NetBackup CA

After completing the NetBackup CA migration process and ensuring that the hosts use certificates that the new CA has issued, you can safely decommission the old NetBackup CA.

To decommission the old NetBackup CA

  1. Run the following command:

    nbseccmd -nbcaMigrate -decommissionCA -fingerprint certificate_fingerprint

    For information about commands, see the NetBackup Commands Reference Guide.

  2. This step is mandatory if your NetBackup domain is enabled for NetBackup Access Control (NBAC) or Enhanced Auditing (EA):

    Restart the NetBackup services on the master server.

Feedback

Was this page helpful?
Previous

Viewing the CA migration summary

Next

Configuring data-in-transit encryption (DTE)

Feedback

Was this page helpful?