Manage NetBackup security certificates
Note:
The information here only applies to the security certificates that the NetBackup certificate authority (CA) issues. More information is available for external certificates.
You can view and revoke NetBackup certificates and view information about the NetBackup CA. More detailed information about NetBackup certificate management and certificate deployment is available in the NetBackup Security and Encryption Guide.
You can view details of all host ID-based NetBackup certificates that are issued to NetBackup hosts. Note that only 8.1 and later NetBackup hosts have host ID-based certificates. The list does not include any NetBackup 8.0 or earlier hosts.
To view a NetBackup certificate
- On the left, select Security > Certificates.
- Select the NetBackup certificates tab.
- To view additional certificate details for a host, click on a host name.
When you revoke a NetBackup host ID-based certificate, NetBackup revokes any other certificates for that host. NetBackup ceases to trust the host, and it can no longer communicate with the other NetBackup hosts.
You can choose to revoke a host ID-based certificate under various conditions. For example, if you detect that client security has been compromised, if a client is decommissioned, or if NetBackup was uninstalled from the host. A revoked certificate cannot be used to communicate with primary server web services.
Security best practices suggest that the NetBackup security administrator explicitly revoke the certificates for any host that is no longer active. Take this action if whether or not the certificate is still deployed on the host.
Note:
Do not revoke a certificate of the primary server. If you do, NetBackup operations may fail.
To revoke a NetBackup CA certificate
- On the left, select Security > Certificates.
- Select the NetBackup certificates tab.
- Select the host that is associated with the certificate that you want to revoke.
- Select Revoke certificate > Yes.
For secure communication with the NetBackup certificate authority (CA) on the primary server, a host's administrator must add the CA certificate to an individual host's trust store. The primary server administrator must give the fingerprint of the CA certificate to the administrator of the individual host.
To view the NetBackup certificate authority details and fingerprint
- On the left, select Security > Certificates.
- Click the NetBackup certificates tab.
- In the toolbar, select Certificate authority.
- Find the Fingerprint information and select Copy to clipboard.
- Provide this fingerprint information to the host's administrator.