Troubleshooting problems with the NetBackup web server certificate
NetBackup generates and deploys an X509 certificate for the NetBackup Web Management Console (nbwmc) or NetBackup web server during installation. This certificate authenticates the NetBackup primary server and validates that a client is connected to the primary server. This certificate is periodically refreshed.
The NetBackup web server certificate is generated during NetBackup installation. To troubleshoot the generation of this certificate, refer to the following logs. The nbcert and nbatd logs use unified logging. The configureCerts.log uses a simple logging style and not VxUL.
/usr/openv/logs/nbcert /usr/openv/wmc/webserver/logs/configureCerts.log /usr/openv/logs/nbatd
install_path\NetBackup\logs\nbcert C:\ProgramData\Cohesity\NetBackup\InstallLogs\WMC_configureCerts_yyyymmdd_timestamp.txt install_path\NetBackup\logs\nbatd
The web server certificate has an expiration time of one year. NetBackup tries to automatically renew the certificate every 6 months. The renewed certificate is automatically deployed. If the certificate cannot be renewed, the information is audited and the error is logged in the NetBackup error log. In such cases NetBackup tries periodically try to renew the certificate (every 24 hours). If the failure to renew the certificate persists, contact Technical Support.
You can see the audit records using the nbauditreport command.
To troubleshoot the certificate renewal, refer to the following logs. The nbwebservice (OID 466 and 484) and nbatd (OID 18) logs use unified logging. The configureCerts.log uses a simple logging style and not VxUL.
/usr/openv/logs/nbwebservice /usr/openv/wmc/webserver/logs/configureCerts.log /usr/openv/logs/nbatd install_path\NetBackup\logs\nbwebservice C:\ProgramData\Cohesity\NetBackup\InstallLogs\WMC_configureCerts_yyyymmdd_timestamp.txt install_path\NetBackup\logs\nbatd