Finding and communicating the fingerprint of the certificate authority
The primary server administrator must find the fingerprint of the CA certificate and communicate it to the administrator of the individual host so that the host can add the CA certificate to its trust store.
Both SHA-1 or SHA-256 fingerprints are supported.
To find the fingerprint of the CA certificate
- The primary server administrator can find the fingerprint using the NetBackup web UI or the command line:
Using the NetBackup web UI:
Select Security > Certificates.
Select Certificate Authority.
The following information is displayed:
Subject name
Identifies the certificate for the desired primary server.
Start date
The date when the certificate is activated.
Expires
The date when the certificate expires.
SHA-1 fingerprint
The hash value of the certificate that is calculated using the SHA-1 algorithm. Click Copy to clipboard to help the administrator communicate the fingerprint to the host administrator.
SHA-256 fingerprint
The hash value of the certificate that is calculated using the SHA-256 algorithm. Click Copy to clipboard to help the administrator communicate the fingerprint to the host administrator.
Using the command line:
Run the following command on the primary server to view the Root Certificate Fingerprint:
nbcertcmd -listCACertDetails
If multiple CA certificates are displayed, use the Subject name.
- The primary server administrator communicates the fingerprint to the host administrator by email, by file, or on an internal web site.
The host administrator uses the fingerprint value to verify the fingerprint that is displayed when the host runs nbcertcmd -getCACertificate. This verifies the authenticity of the CA certificate.
The vssat command can also be used to view the CA certificate fingerprint. Use vssat with the following options:
vssat showcred -p nbatd
However, note the following differences between using nbcertcmd -listCACertDetails and vssat:
vssat displays the fingerprint as a hash and does not include colon separators.
If the host trusts multiple Certificate Authorities, the nbcertcmd command displays all CA certificates. The Subject Name displays the identity of the CA.