Uploading certificates for TLS

Use TLS to secure the log transmissions from the appliance to the log server. TLS is optional for log forwarding. However, Veritas recommends that you enable TLS for security purposes.

NetBackup Appliance currently only supports the following:

TLS Anonymous Authentication for log forwarding.
X.509 file format for certificate files.

Before you enable TLS, you must first do the following:

Deploy the configured certificate and private key files from the Certificate Authority (CA) server onto your log server.
Upload valid certificates to opened NFS and CIFS shares on the appliance.
For log forwarding security information, see the NetBackup Appliance Security Guide.
Note:
You can also upload certificate files from the Manage > File Manager menu in the appliance web console.

To upload the certificate

Log on to the NetBackup Appliance Shell Menu and navigate to the Main > Settings > LogForwarding view.
To open NFS and CIFS shares on the appliance, enter the following command:
Share General Open
On the server where the certificates reside, mount an NFS or a CIFS share to the appliance as follows:
NFS: <appliance.name>:/inst/share
CIFS: \\<appliance.name>\general_share
Upload two certificates and one private key file. The certificate file names are as follows:
- ca-server.pem
- nba-rsyslog.pem
- nba-rsyslog.key
To close the shares on the appliance, enter the following command:
Share General Close

More Information

About forwarding logs to an external server

Enabling log forwarding

Uploading certificates for TLS

Feedback

Feedback