Adding a trusted primary server using external CA-signed certificate
You can now establish a trust between source and target primary servers using an external CA-signed certificate.
For more information on the external CA support, refer to the NetBackup Security and Encryption Guide.
See About the certificate to be used for adding a trusted master server.
Note:
The NetBackup Administration Console does not support adding a trusted primary server using an external certificate.
If you try to add a trusted primary server with an external certificate using the NetBackup Administration Console, an error is displayed.
To add a trusted primary server using an external certificate
- Configure the following external certificate configuration options on the source primary server:
ECA_CERT_PATH
Note:
In case of Windows certificate store, configure only the ECA_CERT_PATH configuration option.
ECA_PRIVATE_KEY_PATH
ECA_TRUST_STORE_PATH
ECA_KEY_PASSPHRASEFILE (optional)
Note:
Do not use the ECA_KEY_PASSPHRASEFILE on the MSDP servers that are used for MSDP direct cloud tiering as it is not supported with MSDP direct cloud tiering.
- Run the nbseccmd -setuptrustedmaster command on the source primary server.
For more information on the commands, refer to the NetBackup Commands Reference Guide.
If the source and target primary servers are configured with external certificates issued by different certificate authorities, refer to the following section from the NetBackup Deduplication Guide: Configuring external CA for secure communication between the source MSDP storage server and the target MSDP storage server