About host ID-based certificate expiration and renewal

NetBackup host ID-based certificates expire one year after their issue date. They are automatically renewed 180 days before the expiration date. A certificate renewal request is sent periodically until a certificate is successfully renewed. Automatic renewal ensures that the renewal process is transparent to the users.

Note:

You can disable automatic renewal of host-ID based certificates using the DISABLE_CERT_AUTO_RENEW parameter from the NetBackup configuration file (the Windows registry or the bp.conf file on UNIX).

For more information, see the NetBackup Administrator's Guide, Volume I.

The renewal request is always authenticated using the existing certificate. Hence, the renewal process does not require the use of an authorization token, regardless of the certificate deployment security level.

If the existing certificate has not expired, the host administrator can initiate a manual renewal request, as described in the following procedure.

To renew a host ID-based certificate manually

The host administrator runs the following command on the non-primary host:
nbcertcmd -renewCertificate
- Certificates corresponding to NetBackup domains other than the primary domain can be manually renewed by specifying the -server option.
- Use the -cluster option to renew the cluster certificate of NetBackup clustered server.

In a scenario where the certificate has expired, the administrator of the host must manually reissue the certificate.

See About reissuing host ID-based certificates.

About host ID-based certificate expiration and renewal

Feedback

Feedback