Reissue a NetBackup certificate
Note:
The information here only applies to the security certificates that the NetBackup certificate authority (CA) issues. External certificates must be managed outside of NetBackup.
In some cases a host's NetBackup certificate is no longer valid. For example, if a certificate is expired, revoked, or is lost. You can reissue a certificate either with or without a reissue token.
A reissue token is a type of authorization token that is used to reissue a NetBackup certificate. When you reissue a certificate, the host gets the host ID same as the original certificate.
If you need to reissue a host's NetBackup certificate NetBackup provides a more secure method to do this reissue. You can create an authorization token that the host administrator must use to obtain a new certificate. This reissue token retains the same host ID as the original certificate. The token can only be used once. Because it is associated to a specific host, the token cannot be used to request certificates for other hosts.
To reissue a NetBackup certificate for a host
- On the left, select Security > Certificates.
- Select the NetBackup certificates tab.
- Select the host and select Actions > Generate reissue token.
- Enter a token name and indicate how long the token should be valid for.
- Select Create.
- Select Copy to clipboard and then select Close.
- Share the authorization token so the host's administrator can obtain a new certificate.
In certain scenarios you need to reissue a certificate without a reissue token. For example, for a BMR client restore. The option enables you to reissue a certificate without requiring a token.
To allow a NetBackup certificate reissue, without a token
- On the left, select Security > Host mappings.
- Locate the host and select Actions > Allow auto reissue certificate > Allow.
Once you set the Allow auto reissue certificate option, a certificate can be reissued without a token within the next 48 hours, which is the default setting. After this window to reissue expires, the certificate reissue operation requires a reissue token.
- Notify the host's administrator that you allowed a NetBackup certificate reissue without a token.
After you allow a NetBackup certificate reissue without a token, you can revoke this ability before the window to reissue expires. By default, the window is 48 hours.
To revoke the ability to reissue a NetBackup certificate without a token
- On the left, select Hosts > Host mappings.
- Locate the host and select Actions > Revoke auto reissue certificate > Revoke.