About automatic enrollment of an external certificate
An external certificate of a host is automatically enrolled with a primary server when communication takes place for the first time. You can disable the automatic certificate enrollment process and enroll the certificates manually as and when required using the nbcertcmd -enrollCertificate command.
See ECA_DISABLE_AUTO_ENROLLMENT for NetBackup servers and clients.
If automatic enrollment is enabled for communicating hosts and both hosts have external certificates configured, NetBackup tries to enroll the external certificates.
The external certificates are enrolled with the associated primary server. During any subsequent communications between the hosts associated with this primary server, the enrolled external certificates are used.
External certificates are not automatically enrolled in the following scenarios:
Communication with NAT clients
For more information about NAT client support in NetBackup, refer to the NetBackup Administrator's Guide Volume I.
Communication between media servers as part of media server deduplication (MSDP) image replication
Communication with the NetBackup Administration Console