Ransomware attackers specifically target and attempt to destroy backup systems to increase the probability of payment. Hardening your system is critical. Please ensure you have reviewed your platform security using the Security Hardening Checklist
Cohesity

COHESITY Documentation

Explore our documentation to get started, discover products & new features, access troubleshooting guides, register sources, platforms support.

Products
Data Security Alliance
Visit Cohesity.com
Demos
Support
Blogs
Developers
Partner Portals
Cohesity Community
© 2026 Cohesity, Inc. All Rights Reserved.
Terms of Use|
Privacy Policy|
Legal|
  1. Home
  2. NetBackup™ Security and Encryption Guide
  3. Section II. Encryption of data-in-transit
  4. NetBackup CA and NetBackup certificates
  5. About revoking host ID-based certificates
NetBackup™ Security and Encryption Guide

About revoking host ID-based certificates

When you revoke a NetBackup digital security certificate, NetBackup revokes any other certificates for that host. NetBackup ceases to trust the host, and it no longer can communicate with other NetBackup hosts.

If you revoke a certificate, you must select one of the following reasons:

Affiliation Changed

The host changes affiliation to a different NetBackup domain.

CA Compromise

The certificate authority is compromised.

Cessation of Operation

The host ceases to be a NetBackup host. For example, you decommission a NetBackup media server or client.

Key Compromise

The certificate key is compromised.

Superseded

A new certificate supersedes the certificate to be revoked.

Unspecified

Other, unspecified reasons. Perhaps you want to suspend privileges temporarily while you investigate a security event.

If you revoke a certificate and later determine that you can trust the host, provision a new certificate on that host. You do so by using a reissue token.

See About reissuing host ID-based certificates.

Note:

Do not revoke a certificate of the primary server. If you do, NetBackup operations may cease.

After you revoke a host's certificate, you should consider doing the following actions in NetBackup:

  • Remove the host from backup policies.

  • For a NetBackup media server, deactivate it.

You should also consider any actions that are not related to NetBackup to ensure that someone with malicious intent cannot use the certificate and key.

More Information

About the host ID-based certificate revocation list

Feedback

Was this page helpful?
Previous

Refreshing the CRL on a NetBackup host

Next

Removing trust between a host and a primary server

Feedback

Was this page helpful?