Deploying host name-based certificates
Choose one of the following procedures to deploy a host name-based security certificate on NetBackup hosts. Only a NetBackup administrator can deploy certificates.
Table: Deploying host name-based certificates
| Procedure | Description and link to procedure |
|---|---|
| Deploying a host name-based security certificate for a primary server in a cluster | Use this procedure to deploy the host name-based security certificates on all of the nodes in a NetBackup primary server cluster. |
| Deploying a host name-based security certificate for media servers or clients | This procedure uses IP address verification to identify the target NetBackup host and then deploy the certificate. With this procedure, you can deploy a host name-based certificate for an individual host, for all media servers, or for all clients. |
Note:
Use this procedure to deploy host name-based certificates on all cluster nodes.
Ensure the following before you deploy a host name-based certificate:
- All nodes of the cluster have a host ID-based certificate.
- All Fully Qualified Domain Names (FQDN) and short names for the cluster nodes are mapped to their respective host IDs.
To deploy a host name-based security certificate for a NetBackup primary server in a cluster
- Run the following command on the active node of the primary server cluster:
On Windows: Install_path\NetBackup\bin\admincmd\bpnbaz -setupat
On UNIX: /usr/openv/netbackup/bin/admincmd/bpnbaz -setupat
- Restart the NetBackup Service Layer (nbsl) service and the NetBackup Vault Manager (nbvault) service on the active node of the primary server.
This procedure works well when you deploy host name-based security certificates to many hosts at one time. As with NetBackup deployment in general, this method assumes that the network is secure.
To deploy a host name-based security certificate for media servers or clients
- Run the following command on the primary server, depending on your environment. Either specify a host name, or deploy to all media servers or clients.
On Windows: Install_path\NetBackup\bin\admincmd\bpnbaz -ProvisionCert host_name|-AllMediaServers|-AllClients
On UNIX: /usr/openv/netbackup/bin/admincmd/bpnbaz -ProvisionCert host_name|-AllMediaServers|-AllClients
- Restart the NetBackup Service Layer (nbsl) service on the media server.
No services need to be restarted if the target host is a NetBackup client.
Note:
If you use dynamic IPs on the hosts (DHCP), ensure that the host name and the IP address are correctly listed on the primary server. To do so, run the following NetBackup bpclient command on the primary server:
On Windows: Install_path\NetBackup\bin\admincmd\bpclient -L -All
On UNIX: /usr/openv/netbackup/bin/admincmd/bpclient -L -All