Ransomware attackers specifically target and attempt to destroy backup systems to increase the probability of payment. Hardening your system is critical. Please ensure you have reviewed your platform security using the Security Hardening Checklist
Cohesity

COHESITY Documentation

Explore our documentation to get started, discover products & new features, access troubleshooting guides, register sources, platforms support.

Products
Data Security Alliance
Visit Cohesity.com
Demos
Support
Blogs
Developers
Partner Portals
Cohesity Community
© 2026 Cohesity, Inc. All Rights Reserved.
Terms of Use|
Privacy Policy|
Legal|
  1. Home
  2. NetBackup™ Security and Encryption Guide
  3. Section II. Encryption of data-in-transit
  4. NetBackup CA and NetBackup certificates
  5. Migrating NetBackup CA
  6. Setting the required key strength before installation or upgrade using the NB_KEYSIZE environment variable
NetBackup™ Security and Encryption Guide

Setting the required key strength before installation or upgrade using the NB_KEYSIZE environment variable

After NetBackup installation or upgrade, by default a new root CA with 2048-bits key strength is deployed. If you want a larger key strength, you can set an environment variable to a value larger than 2048 bits before installation or upgrade.

To have a NetBackup CA with a key strength larger than 2048 bits

  1. Set the NB_KEYSIZE environment variable on the primary server before you start NetBackup installation or upgrade.

    For example: NB_KEYSIZE = 4096

    The NB_KEYSIZE environment variable can have the following values: 2048, 3072, 4096, 8192, or 16384.

    Note:

    If the FIPS mode is enabled on the primary server, you can specify only 2048 and 3072 bits as a value for the NB_KEYSIZE environment variable.

    Caution:

    You should carefully choose the key size for your environment. Choosing a large key size may reduce performance. A key size of 2048 offers security for most use cases.

  2. Install or upgrade NetBackup on hosts.

    In case of upgrade, continue with the CA migration.

    See Migrating NetBackup CA when the entire NetBackup domain is upgraded.

Feedback

Was this page helpful?
Previous

Migrating NetBackup CA

Next

Migrating NetBackup CA when the entire NetBackup domain is upgraded

Feedback

Was this page helpful?