Security options tab in Deployment management
Use the policy Security options tab to configure the settings for external security certificates. These settings are only available if a selected host is configured to use external certificates (certificates that are signed by a CA other than the NetBackup CA).
Attribute | Description |
|---|---|
|
Use existing certificates when possible |
This option instructs NetBackup to use the existing NetBackup CA or external CA certificates, if available. By default, the Use existing certificates when possible option is selected. Deselecting the Use existing certificates when possible option lets you specify the location for external certificate authority information for both UNIX and Linux computers and Windows computers. Note: If you specify this option and certificates are not available, your upgrade fails. |
|
From Windows certificate store (Only for Windows) |
Specifies that the certificate from the Windows certificate store is used. The certificate is searched using the following details that are provided with the : Store name, Issuer name, Subject name. |
|
Certificate file |
Specifies the path to the external certificate of the host. |
|
Trust store location |
Specifies the path to the pem bundle of the Certificate Authorities. |
|
Private key file |
Specifies the path to the private key for the external certificate of the host. |
|
Passphrase file |
Specifies the path to the text file where the passphrase for the external certificate's private key is stored. |
|
CRL check level |
Specifies the revocation check level for the external certificate. It also lets you disable the revocation check for the external certificates. Based on the check level, the status of the certificate is validated against the Certificate Revocation List (CRL) during host communication. You can choose to use the CRLs from the directory that is specified in the NetBackup configuration file or the CRL Distribution Point (CDP). |
|
From certificate file path (for file-based certificates) (Only for Windows) |
Specifies a list of comma-separated clauses where each clause element contains a query. The clause is of the form <Store name>\<Issuer Name>\<Subject Name>. $hostname is a keyword that is replaced with the fully qualified domain name of the host. For certificate selection from the Windows certificate store, NetBackup can pick a certificate from any of the Local Machine certificate stores on a Windows host.
If the issuer name is not specified, the certificate is searched based on the subject name. |