Ransomware attackers specifically target and attempt to destroy backup systems to increase the probability of payment. Hardening your system is critical. Please ensure you have reviewed your platform security using the Security Hardening Checklist
Cohesity

COHESITY Documentation

Explore our documentation to get started, discover products & new features, access troubleshooting guides, register sources, platforms support.

Products
Data Security Alliance
Visit Cohesity.com
Demos
Support
Blogs
Developers
Partner Portals
Cohesity Community
© 2026 Cohesity, Inc. All Rights Reserved.
Terms of Use|
Privacy Policy|
Legal|
  1. Home
  3. NetBackup™ Deduplication Guide
  5. S3 Interface for MSDP
  7. Configuring S3 interface for MSDP
NetBackup™ Deduplication Guide

Configuring S3 interface for MSDP

After MSDP is configured, you can run s3srv_config.sh to configure S3 interface for MSDP.

To configure S3 server

  • If you want to use NBCA or ECA type certificates in S3 interface for MSDP, run the following command:

    /usr/openv/pdde/vxs3/cfg/script/s3srv_config.sh --catype=<type> [--port=<port>] [--loglevel=<0-4>]

    If you want to use your certificates in S3 interface for MSDP, run the following command:

    /usr/openv/pdde/vxs3/cfg/script/s3srv_config.sh --cert=<certfile> --key=<keypath> [--port=<port>] [--loglevel=<0-4>]

--catype=<type>

Certificate Authority type. NBCA: 1 or ECA: 2.

--cert=<certfile>

Certificate file for HTTPS.

--key=<keypath>

Private key for HTTPS.

--port=<port>

S3 server port. Default port is 8443.

--loglevel=<0-4>

S3 server log level.

  • None: 0

  • Error: 1

  • Warning: 2

  • Info: 3 (default)

  • Debug: 4

--help|-h

Print the usage.

  • S3 service is HTTPS service. Default port is 8443.

  • If multiple certificates exist under /usr/openv/var/vxss/credentials, you may see the following configuration error:

    Too many ca files under /usr/openv/var/vxss/credentials/keystore

    You can use option --cert and --key to specify which certificate is used.

  • You can enable HTTPS with the certificate, which is not signed by Certificate Authority in S3 interface for MSDP. If S3 interface for MSDP is configured with NBCA as SSL certificate, CA certificate is /usr/openv/var/webtruststore/cacert.pem under S3 server host. When you use AWS CLI to connect S3 interface for MSDP, there are two options --ca-bundle and --no-verify-ssl. Option --ca-bundle verifies SSL certificates with corresponding CA certificate bundle. Option --no-verify-ssl overrides verifying SSL certificates in AWS CLI command. You can ignore the following warning message.

    urllib3/connectionpool.py:1043: InsecureRequestWarning: Unverified HTTPS request is being made to host 'xxxx.xxxx.com'. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/1.26.x/advanced-usage.html#ssl-warnings

  • Only PEM format of certificate and secret key is supported. Please convert other format of certificate and secret key to PEM format.

  • After configuring S3 server, you can check S3 server status.

    systemctl status pdde-s3srv

  • After configuring S3 server, you can stop or start S3 server.

    systemctl stop/start pdde-s3srv

  • NGINX configurations about S3 server are saved at /etc/<nginx path>/conf.d/s3srvbyo.conf and /etc/<nginx path>/locations/s3srv.conf. If you have modified the configuration files, you must modify them again after the upgrade.

Feedback

Was this page helpful?
Previous

Prerequisites

Next

Changing the certificate in S3 server

Feedback

Was this page helpful?