NetBackup job fails because of revoked certificate or unavailability of CRLs
A NetBackup job fails.
The cause may be one of the following reasons:
The security certificate of the client is revoked.
The security certificate of the media server that backs up the client is revoked.
The security certificate of the primary server is revoked.
The CRL on the client, media server, or the primary server is corrupted or missing.
Examine the job details for the following message strings and adjacent status codes:
For certificate revocation, look for the message strings that contain certificate and revoked.
For the CRL, look for the message strings that contain certificate revocation list or CRL and missing , corrupted, or unavailable.
If necessary, determine if the client or the media server certificate was revoked.
If an external CA-signed certificate is used, refer to the external certificate section:
See Troubleshooting issues with external CA-signed certificate revocation.
Refer to the NetBackup documentation for the explanations for the status codes and recommended actions for recovery. If possible, resolve the issue.
If you cannot resolve the issue in a timely fashion, remove the revoked host from the backup policy or deactivate the policy. If the revoked host is the media server, deactivate it. (You can ignore "NetBackup version" errors when you deactivate the host.)
In case of NetBackup CA-signed certificate, after you resolve the security issue, reissue the certificate for the revoked host. Certificate reissue is documented in the NetBackup Security and Encryption Guide.
If necessary, add the client back to the backup policy, activate the backup policy, or activate the media server.