About reissuing host ID-based certificates
A certificate must be reissued in any of the following cases:
The certificate was revoked, and you later determine that you can trust that host again.
The certificate expired.
NetBackup was reinstalled on the host where a certificate was already issued.
The name of the host was changed.
The key pair for the host was changed.
Reissuing a certificate is one way to prevent malicious users from assuming the identity of an existing NetBackup host that is already registered with the NetBackup primary server. In most cases, a reissue token is required for certificate reissue.
Reissuing a host ID-based certificate for a NetBackup host is different from deploying the certificate for the first time. Use the following procedure to reissue a certificate.
Once a reissue token is obtained, the certificate reissue process is similar to manual certificate deployment with an authorization token.
When the primary server receives a certificate reissue request, it first revokes all the previously valid certificates for that host and then generates a new certificate when required.