Environment variable for certificate key size in upgrades from NetBackup 8.2 and earlier
This information is applicable to NetBackup upgrades of 8.2 and earlier environments.
NetBackup uses security certificates to authenticate NetBackup hosts for secure communication. The security certificates conform to the X.509 Public Key Infrastructure (PKI) standard. A NetBackup primary server acts as the certificate authority (CA) and issues digital certificates to hosts. NetBackup supports the following certificate key sizes: 2048 bits, 3072 bits, 4096 bits, and 8192 bits.
With a NetBackup 9.1 upgrade, new root CA with 2048 bit key strength is deployed. To use a certificate key size larger than 2048 bits, set the NB_KEYSIZE environment variable on the primary server before you start the installation.
For example:
NB_KEYSIZE = 4096
The NB_KEYSIZE can only have the following values: 2048, 3072, 4096, and 8192.
Note:
If the FIPS mode is enabled on the primary server, you can only specify 2048 bits or 3072 bits as a value for the NB_KEYSIZE environment variable.
Caution:
You should carefully choose the key size for your environment. Choosing a large key size may reduce performance. You should consider all factors to determine the correct key size for your environment.
For more information about CA migration and certificate key sizes, see the NetBackup Security and Encryption Guide.
Table: Overview of the upgrade process shows the overview of the upgrade procedure.
Table: Overview of the upgrade process
Step | Details | More information |
|---|---|---|
1 | Review operating system requirements and confirm the computer meets all requirements. | See Upgrade requirements for UNIX and Linux. |
2 | Confirm that the web server user account and group account are created and enabled. | More information is available: See NetBackup primary server web server user and group creation. |
3 | Begin the upgrade process |