Disabling the NetBackup CA in a NetBackup domain
Use this section to disable the existing NetBackup CA support from your domain when all the hosts in your domain are configured to use external certificates for host communication.
Note:
If you have NAT clients in your environment and the NetBackup Messaging Broker (nbmqbroker) service is enabled, you may need to restart the service after you disable the NetBackup CA to use external certificates only.
For more information about NAT support in NetBackup, refer to the NetBackup Administrator's Guide, Volume I.
If you have hosts that can communicate securely but cannot be configured to use external certificates (NetBackup 8.1, 8.1.1, or 8.1.2), you should not disable NetBackup CA configuration to avoid communication failure.
To disable NetBackup CA support in your domain
- Ensure that all the hosts in your domain are configured to use external certificates.
See Configure an external certificate for the NetBackup web server.
See Configuring the primary server to use an external CA-signed certificate.
- After each host in the domain is configured to use external certificates, remove the NetBackup CA support from each host (media servers and clients) in the domain.
Run the following commands on each host in the given order:
nbcertcmd -removeCACertificate -fingerPrint NetBackup CA certificate fingerprint
nbcertcmd -deleteCertificate -hostid host ID of the host
- Remove the NetBackup CA support from the primary server.
Run the following commands on the primary server in the given order:
nbcertcmd -removeCACertificate -fingerPrint NetBackup CA certificate fingerprint
nbcertcmd -deleteCertificate -hostid host ID of the primary server
- Revoke all host ID-based certificates in the domain. This is an optional step.
- Remove the NetBackup CA support from the web server. Ensure that you do not need the NetBackup certificates for host communication.
Run the following command on the web server:
configureWebServerCerts -removeNBCert
For more information about the commands, refer to the NetBackup Commands Reference Guide.
- Restart the NetBackup Web Management Console (nbwmc) service.