About revoking host ID-based certificates
When you revoke a NetBackup digital security certificate, NetBackup revokes any other certificates for that host. NetBackup ceases to trust the host, and the host can no longer communicate with other NetBackup hosts.
If you revoke a certificate, you must select one of the following reasons:
| Reason | Description |
| --- | --- |
| Affiliation Changed | The host changes affiliation to a different NetBackup domain. |
| CA Compromise | The certificate authority is compromised. |
| Cessation of Operation | The host ceases to be a NetBackup host. For example, you decommission a NetBackup media server or client. |
| Key Compromise | The certificate key is compromised. |
| Superseded | A new certificate supersedes the certificate to be revoked. |
| Unspecified | Other, unspecified reasons. Perhaps you want to suspend privileges temporarily while you investigate a security event. |
If you revoke a certificate and later determine that you can trust the host, provision a new certificate on that host. You do so by using a reissue token.
See About reissuing host ID-based certificates.
Note:
Do not revoke a certificate of the primary server. If you do, NetBackup operations may cease.
After you revoke a host's certificate, consider taking the following actions in NetBackup:
- Remove the host from backup policies.
- For a NetBackup media server, deactivate it.
You should also consider any actions that are not related to NetBackup to ensure that someone with malicious intent cannot use the certificate and key.