Deleting sensitive certificates and keys from media servers and clients
In the cloning process, use the following command to remove certain sensitive certificates and keys from NetBackup media servers and clients in the following scenarios:
Run the command on the cloned virtual machine, which is cloned from an active NetBackup host.
Run the command before creating a gold image of a virtual machine for cloning.
nbcertcmd -deleteAllCertificates
Note:
This command is allowed only on media servers and clients. The command is not allowed on primary servers.
This operation deletes or shreds the appropriate sensitive information (certificates and keys) from the following locations:
On Windows:
Install_Path\NetBackup\var\VxSS\certmapinfo.json
Install_Path\NetBackup\var\VxSS\credentials\<certificate>
For example:
Install_Path\NetBackup\var\VxSS\credentials\ 6d92d4dd-ed2d-43de-adb1-bf333aa2cc3c
Install_Path\NetBackup\var\VxSS\credentials\keystore\PrivKeyFile.pem (shredded)
Install_Path\NetBackup\var\VxSS\at\systemprofile\certstore\<certificate>
For example:
Install_Path\NetBackup\var\VxSS\at\systemprofile\ certstore\9345b05e-lilycl2nb!1556!nbatd!1556.0
Install_Path\NetBackup\var\VxSS\at\systemprofile\certstore\keystore\PrivKeyFile.pem (shredded)
Install_Path\NetBackup\var\VxSS\at\systemprofile\certstore\keystore\PubKeyFile.pem
On UNIX:
/usr/openv/var/vxss/certmapinfo.json
/usr/openv/var/vxss/credentials/<certificate>
For example:
/usr/openv/var/vxss/credentials/ f4f72ef3-2cfc-42a4-ab5a-65fd09e8b63e
/usr/openv/var/vxss/credentials/keystore/PrivKeyFile.pem (shredded)
/var/vxss/at/root/.VRTSat/profile/certstore/<certificate>
/var/vxss/at/root/.VRTSat/profile/certstore/keystore/PubKeyFile.pem
/var/vxss/at/root/.VRTSat/profile/certstore/keystore/PrivKeyFile.pem (shredded)