Setting the required key strength before installation or upgrade using the NB_KEYSIZE environment variable
After NetBackup installation or upgrade, by default a new root CA with 2048-bits key strength is deployed. If you want a larger key strength, you can set an environment variable to a value larger than 2048 bits before installation or upgrade.
To have a NetBackup CA with a key strength larger than 2048 bits
- Set the NB_KEYSIZE environment variable on the primary server before you start NetBackup installation or upgrade.
For example: NB_KEYSIZE = 4096
The NB_KEYSIZE environment variable can have the following values: 2048, 3072, 4096, 8192, or 16384.
Note:
If the FIPS mode is enabled on the primary server, you can specify only 2048 and 3072 bits as a value for the NB_KEYSIZE environment variable.
Caution:
You should carefully choose the key size for your environment. Choosing a large key size may reduce performance. A key size of 2048 offers security for most use cases.
- Install or upgrade NetBackup on hosts.
In case of upgrade, continue with the CA migration.
See Migrating NetBackup CA when the entire NetBackup domain is upgraded.