Ransomware attackers specifically target and attempt to destroy backup systems to increase the probability of payment. Hardening your system is critical. Please ensure you have reviewed your platform security using the Security Hardening Checklist
Cohesity

COHESITY Documentation

Explore our documentation to get started, discover products & new features, access troubleshooting guides, register sources, platforms support.

Products
Data Security Alliance
Visit Cohesity.com
Demos
Support
Blogs
Developers
Partner Portals
Cohesity Community
© 2026 Cohesity, Inc. All Rights Reserved.
Terms of Use|
Privacy Policy|
Legal|
  1. Home
  2. NetBackup™ Snapshot Manager for Data Center Administrator's Guide
  3. Configure NetBackup Snapshot Manager for Data Center
  4. Verify storage array certificate
NetBackup™ Snapshot Manager for Data Center Administrator's Guide

Verify storage array certificate

NetBackup version 10.3.0.1 and later lets you verify the storage array certificate for any communication between NetBackup Snapshot Manager for Data Center and the storage array. For successful verification, the root certificate of the storage array must be maintained in the trust store of NetBackup Snapshot Manager for Data Center.

You must manually download the storage array certificate and add it to the NetBackup Snapshot Manager for Data Center trust store. Once the certificate is added to the trust store; during the plug-in configuration or plug-in update operations, select the Verify Certificate option to enable certificate verification.

To add and list certificates to the NetBackup Snapshot Manager for Data Center trust store:

  1. Sign on to the host NetBackup Snapshot Manager for Data Center .
  2. Using the mechanism provided by the storage array, download the root certificate of the storage array.
  3. Run this command to add a certificate to NetBackup Snapshot Manager for Data Center:

    flexsnap_configure truststore --ca <PATH TO STORAGE ARRAY CERT>

  4. Run this command to list the certificates added in the truststore:

    flexsnap_configure truststore

    Here is an example configuration:

    root@r7515-112v26:/root/Downloads# flexsnap_configure truststore --ca dspure09.pem
    CN=dspure09,O=Pure Storage,L=Default City,ST=MN,C=US ... done
    root@r7515-112v26:/root/Downloads# flexsnap_configure truststore
    CN=VeritasStorageArrayRootCA,O=Veritas,OU=NetBackup        ... ok
    CN=r7515-088v01.<domainName>.com,O=Isilon,ST=Some-State,C=AU ... ok
    CN=StorageArrayRootCA,O=Veritas,OU=NetBackup               ... ok
    CN=dspure09,O=Pure Storage,L=Default City,ST=MN,C=US            ... ok

To add storage array certificates using the tpconfig utility

  1. Run the command:

    modify_plugin -snapshot_manager

  2. Run the command:

    add_plugin --snapshot_manager

    In the tpconfig utility, enter true or false manually for the option Enter Verify Certificate, depending on whether the certificate needs to be verified or not.

In the web UI, use the Verify certificate option in the Plug-in configuration page or the Edit credentials dialog.

Considerations and limitations for the Verify certificate feature
  • By default, the Verify Certificate feature is inactive for the existing plug-ins after a NetBackup Snapshot Manager for Data Center upgrade. To enable this option for the existing plug-ins, you must add the root certificate to the NetBackup Snapshot Manager for Data Center trust store after the upgrade.

  • The Verify Certificate feature is not supported for Qumulo and NetApp storage arrays if configured using ZAPI.

Feedback

Was this page helpful?
Previous

Adding a plug-in

Next

SELinux enabled plug-in configuration for custom ports

Feedback

Was this page helpful?