Ransomware attackers specifically target and attempt to destroy backup systems to increase the probability of payment. Hardening your system is critical. Please ensure you have reviewed your platform security using the Security Hardening Checklist
Cohesity

COHESITY Documentation

Explore our documentation to get started, discover products & new features, access troubleshooting guides, register sources, platforms support.

Products
Data Security Alliance
Visit Cohesity.com
Demos
Support
Blogs
Developers
Partner Portals
Cohesity Community
© 2026 Cohesity, Inc. All Rights Reserved.
Terms of Use|
Privacy Policy|
Legal|
  1. Home
  2. NetBackup™ for Red Hat Virtualization Administrator's Guide
  3. Managing Red Hat Virtualization servers
  4. Configuring secure communication between the Red Hat Virtualization server and NetBackup host
NetBackup™ for Red Hat Virtualization Administrator's Guide

Configuring secure communication between the Red Hat Virtualization server and NetBackup host

NetBackup can now validate Red Hat Virtualization server certificates using their root or intermediate certificate authority (CA) certificates.

Only PEM certificate format is supported for virtualization servers.

See VIRTUALIZATION_HOSTS_SECURE_CONNECT_ENABLED for servers and clients.

The following procedure is applicable for the NetBackup primary server and all Red Hat Virtualization access hosts.

To configure secure communication between Red Hat Virtualization server and Red Hat Virtualization access host

  1. Configure a external certificate authority trust store on the Red Hat Virtualization access host.
  2. Add CA certificates of the required Red Hat Virtualization server in the trust store on the access host.

    In case of Windows certificate store, add the CA certificate to the Windows Trusted Root Certification Authorities.

    Use the following command:

    certutil.exe -addstore -f "Root" certificate filename

  3. Use the nbsetconfig command to configure the following NetBackup configuration options on the access host:

    For more information on the configuration options, refer to the NetBackup Administrator's Guide, Volume I.

    ECA_TRUST_STORE_PATH

    Specifies the file path to the certificate bundle file that contains all trusted root CA certificates.

    This option is specific to file-based certificates. You should not configure this option if Windows certificate store is used.

    If you have already configured this external CA option, append the Red Hat Virtualization CA certificates to the existing external certificate trust store.

    If you have not configured the option, add all the required Red Hat Virtualization server CA certificates to the trust store and set the option.

    See ECA_TRUST_STORE_PATH for NetBackup servers and clients.

    ECA_CRL_PATH

    Specifies the path to the directory where the certificate revocation lists (CRL) of the external CA are located.

    If you have already configured this external CA option, append the Red Hat Virtualization server CRLs to the CRL cache.

    If you have not configured the option, add all the required CRLs to the CRL cache and then set the option.

    See ECA_CRL_PATH for NetBackup servers and clients.

    VIRTUALIZATION_HOSTS_SECURE_CONNECT_ENABLED

    This option affects Nutanix AHV, Red Hat Virtualization, and VMware secure communication. Without this option, the secure or insurce communication with workload is decided by each workload and plug-in separately.

    For more information, refer to the respective workload Administrator's Guide.

    For Red Hat Virtualization, secure communication is enabled by default.

    This option lets you skip the security certificate validation.

    See VIRTUALIZATION_HOSTS_SECURE_CONNECT_ENABLED for servers and clients.

    VIRTUALIZATION_CRL_CHECK

    Lets you validate the revocation status of the virtualization server certificate against the CRLs.

    By default, the option is disabled.

    See VIRTUALIZATION_CRL_CHECK for NetBackup servers and clients.

    For more information on external CA support, refer to the NetBackup Security and Encryption Guide.

Feedback

Was this page helpful?
Previous

Quick configuration checklist to protect Red Hat Virtualization virtual machines

Next

ECA_TRUST_STORE_PATH for NetBackup servers and clients

Feedback

Was this page helpful?