Ransomware attackers specifically target and attempt to destroy backup systems to increase the probability of payment. Hardening your system is critical. Please ensure you have reviewed your platform security using the Security Hardening Checklist
Cohesity

COHESITY Documentation

Explore our documentation to get started, discover products & new features, access troubleshooting guides, register sources, platforms support.

Products
Data Security Alliance
Visit Cohesity.com
Demos
Support
Blogs
Developers
Partner Portals
Cohesity Community
© 2026 Cohesity, Inc. All Rights Reserved.
Terms of Use|
Privacy Policy|
Legal|
  1. Home
  2. NetBackup™ for VMware Administrator's Guide
  3. Managing VMware servers
  4. Validate VMware virtualization server certificates in NetBackup
NetBackup™ for VMware Administrator's Guide

Validate VMware virtualization server certificates in NetBackup

NetBackup can validate VMware virtualization server certificates using their root or intermediate certificate authority (CA) certificates.

For more information on external CA support in NetBackup, refer to the NetBackup Security and Encryption Guide.

The following procedure is applicable for the NetBackup primary server and all VMware access hosts.

To configure secure communication between VMware virtualization server and VMware access host

  1. Configure an external CA trust store on the VMware access host.
  2. Add CA certificates of the required VMware servers (vCenter, ESX, or ESXi server) in the trust store on the access host.

    For the Windows certificate store, you need to add the CA certificate to the Windows Trusted Root Certification Authorities.

    Use the following command:

    certutil.exe -addstore -f "Root" certificate filename

  3. Use the nbsetconfig command to configure the following NetBackup configuration options on the access host. See the NetBackup Administrator's Guide, Volume I for details on these options.

ECA_TRUST_STORE_PATH

Specifies the file path to the certificate bundle file that contains all trusted root CA certificates.

This option is specific to file-based certificates. You should not configure this option if the Windows certificate store is used.

If you have already configured this external CA option, append the VMware CA certificates to the existing external certificate trust store.

If you have not configured the option, add all the required virtualization server CA certificates to the trust store and set the option.

ECA_CRL_PATH

Specifies the path to the directory where the certificate revocation lists (CRL) of the external CA are located.

If the configuration option is already configured, append the virtualization server CRLs to the CRL cache.

If the option is not configured, add all the required CRLs to the CRL cache and then set the option.

VIRTUALIZATION_HOSTS_SECURE_CONNECT_ENABLED

Lets you enable the validation of a virtualization server's certificate.

VIRTUALIZATION_CRL_CHECK

Lets you validate the revocation status of the virtualization server certificate against the CRLs.

By default, the option is disabled.

VIRTUALIZATION_HOSTS_CONNECT_TIMEOUT

Lets you specify the duration (in seconds) after which the connection between NetBackup and vCloud Director server ends.

VMWARE_TLS_MINIMUM_V1_2

Lets you specify the Transport Layer Security (TLS) version to be used for communication between NetBackup and VMware servers.

Feedback

Was this page helpful?
Previous

Authentication token for the NetBackup vSphere plug-ins

Next

Configuring backup policies for VMware

Feedback

Was this page helpful?