Primary server security certificate is revoked

A revoked security certificate on a NetBackup primary server is the worst case scenario for NetBackup security. The following symptoms may indicate that the primary server certificate is revoked:

Jobs fail with network errors.
Media servers deactivate spontaneously.
The vnetd proxy process log files on hosts show that the primary server's certificate is revoked.
See Viewing the vnetd proxy log files.
The bptestbpcd -host primary_server command output may show that the primary server's certificate is revoked.
See Determining a NetBackup host's certificate state.

If the primary server is compromised and remains compromised, do the following:

If a NetBackup CA-signed certificate is used

Do not trust the certificate revocation list on any host.
Resolve the issue, reissue the primary server's security certificate, and then return the primary server to service.
If you cannot resolve the issue and return the primary server to service, replace it. You must then reissue all host certificates.

If an external CA-signed certificate is used, you can undo the revocation of the primary server's certificate or enroll a new certificate for the primary server.

See Troubleshooting issues with external CA-signed certificate revocation.

Primary server security certificate is revoked

Feedback

Feedback