Ransomware attackers specifically target and attempt to destroy backup systems to increase the probability of payment. Hardening your system is critical. Please ensure you have reviewed your platform security using the Security Hardening Checklist
Cohesity

COHESITY Documentation

Explore our documentation to get started, discover products & new features, access troubleshooting guides, register sources, platforms support.

Products
Data Security Alliance
Visit Cohesity.com
Demos
Support
Blogs
Developers
Partner Portals
Cohesity Community
© 2026 Cohesity, Inc. All Rights Reserved.
Terms of Use|
Privacy Policy|
Legal|
  1. Home
  2. NetBackup™ Security and Encryption Guide
  3. Section II. Encryption of data-in-transit
  4. NetBackup CA and NetBackup certificates
  5. About host management
  6. Allowing or disallowing automatic certificate reissue
NetBackup™ Security and Encryption Guide

Allowing or disallowing automatic certificate reissue

This section provides the procedures for allowing and disallowing automatic certificate reissue.

The Allow Auto Reissue Certificate option enables the autoreissue parameter of a host that in turn allows you to deploy a certificate on the host without requiring a reissue token.

See Deploying host ID-based certificates.

By default, the autoreissue parameter is enabled for 2880 minutes (or 48 hours or 2 days). After this duration, the parameter is disabled and the certificate reissue operation requires a reissue token.

See Configuring validity of the autoreissue parameter for a host.

To manually disable the autoreissue parameter, use the Disallow Auto Reissue Certificate option.

Note:

During the Bare Metal Restore (BMR) process, the autoreissue flag is automatically set.

For more information about Bare Metal Restore, refer to the NetBackup Bare Metal Restore Administrator's Guide.

To allow automatic certificate reissue using the NetBackup Administration Console

  1. Expand Security Management > Host Management.
  2. In the right pane, select the host for which you want to allow automatic certificate reissue.
  3. Right-click the host and select the Allow Auto Reissue Certificate option.

To allow automatic certificate reissue using the command-line interface

  1. Run the following command to authenticate your web services login:

    bpnbat -login -loginType WEB

  2. Run the following command to enable the autoreissue parameter, which in turn allows automatic certificate reissue:

    nbhostmgmt -allowautoreissuecert -hostid host_ID -autoreissue 1

To disallow automatic certificate reissue using the NetBackup Administration Console

  1. Expand Security Management > Host Management.
  2. In the right pane, select the host for which you want to disallow automatic certificate reissue.
  3. Right-click the host and select the Disallow Auto Reissue Certificate option.

To disallow automatic certificate reissue using the command-line interface

  1. Run the following command to authenticate your web services login:

    bpnbat -login -loginType WEB

  2. Run the following command to disable the autoreissue parameter, which in turn disallows automatic certificate reissue:

    nbhostmgmt -allowautoreissuecert -hostid host_ID -autoreissue 0

Feedback

Was this page helpful?
Previous

Decommission a client

Next

Configuring validity of the autoreissue parameter for a host

Feedback

Was this page helpful?