Revoking a host ID-based certificate for a clustered NetBackup setup
NetBackup administrators may consider revoking a host ID-based certificate under various conditions: for example, if the administrator detects that client security has been compromised, if a client is decommissioned, or if NetBackup is uninstalled from the host. A host with a revoked certificate cannot communicate with other hosts. Every NetBackup host must have a valid security certificate and a valid Certificate Revocation List (CRL) for successful communication.
See About the host ID-based certificate revocation list.
The NetBackup administrator can revoke certificates for a cluster node or the virtual name from any host in a NetBackup domain.
Ensure that you revoke the appropriate certificate.
After the certificate is revoked, you may need to deploy a new host ID-based certificate. Create a reissue token on the clustered node and deploy a new certificate using the reissue token.
See Creating a reissue token for a clustered NetBackup setup.
See Deploying a host ID-based certificate on a clustered NetBackup setup using reissue token.
To revoke a certificate from a cluster node
- Log in to the NetBackup Web Management Service:
bpnbat -login -logintype WEB
- Run the following command to revoke a certificate for a cluster node:
nbcertcmd -revokeCertificate -host host_name
To revoke a certificate for the virtual name
- Log in to the NetBackup Web Management Service:
bpnbat -login -logintype WEB
- Run the following command to revoke a host ID-based certificate for the virtual name:
nbcertcmd -revokeCertificate -host virtual_name