ECMS_HOSTS_SECURE_CONNECT_ENABLED for servers
The ECMS_HOSTS_SECURE_CONNECT_ENABLED option enables or disables the Host Name verification of the external CMS server during an SSL connection. Before you enable the option, review the 'Configure External Credentials' section in the NetBackup Administrator's Guide, Volume I.
By default, the ECMS_HOSTS_SECURE_CONNECT_ENABLED option is set to YES (Enabled). When enabled, the certificate deployed on the external CMS server (For example, CyberArk Server) must have Common Name or Subject Alternative Name that matches the host name of the external CMS server. Else, the SSL connection to the server fails. The host name verification can be disabled by setting the value of ECMS_HOSTS_SECURE_CONNECT_ENABLED option to NO or FALSE.
Note:
Hostname verification involves a server identity check to ensure that the client is talking to the correct server and has not been redirected by a man in the middle attack. The check involves viewing the certificate sent by the server, and verifying that the dnsName in the subjectAltName field of the certificate matches the host portion of the URL used to make the request.
Table: ECMS_HOSTS_SECURE_CONNECT_ENABLED information
Usage | Description |
|---|---|
Where to use | On NetBackup primary server. |
How to use | Use the nbgetconfig and nbsetconfig commands to view, add, or change the option. For information about these commands, see the NetBackup Commands Reference Guide. Use the following format to disable certificate validation for external CMS servers: ECMS_HOSTS_SECURE_CONNECT_ENABLED = NO |
Equivalent NetBackup web UI property | No equivalent exists in the host properties. |