Deploying host ID-based certificates in an asynchronous manner
Host ID-based certificates are automatically deployed on NetBackup hosts during installation or upgrade. For successful automatic certificate deployment, the host where the certificate needs to be deployed should be connected to the primary server.
In certain scenarios, you may want to create, sign, and deploy host ID-based certificates in an asynchronous manner where the host and the primary server do not need to be connected at the time of certificate deployment.
To deploy a host ID-based certificate in an asynchronous manner:
1. Create a certificate signing request. This command can be run only by the host administrator. Run the following command on the non-primary server host where you want to deploy the certificate:
   nbcertcmd -createCertRequest -requestFile request_file_name -server primary_server_name
   Optionally, copy the Certificate Signing Request (CSR) file to any NetBackup host.
2. Get a signed certificate from the primary server on the host. An authorization token is mandatory. If the host already has a certificate, a reissue token is required.
   Run the following command on the host:
   nbcertcmd -signCertificate -requestFile request_file_name -certificateFile certificate_file_name -token
   Note:
   Use the -signCertificate option on a host whose NetBackup version is the same as or higher than that of the host where the certificate signing request (CSR) was generated.
3. Copy the signed certificate that is generated in step 2 and provide it to the host administrator.
4. Deploy the signed certificate on the host. This command can be run only by the host administrator. Run the following command on the client:
   nbcertcmd -deployCertificate -certificateFile certificate_file_name
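
Because the CSR and the signed certificate are carried between hosts by hand in this procedure, one way to confirm that each file arrived unmodified is to compare a SHA-256 digest, sent over a separate channel, before running -signCertificate or -deployCertificate. This is an added example, not part of the NetBackup documentation; the function names are hypothetical and it assumes sha256sum is installed on the hosts.

```shell
#!/bin/sh
# Added example: digest checks for files moved by hand between hosts.
# Assumption: sha256sum is available. Function names are hypothetical.

# file_digest FILE
# Prints the SHA-256 hex digest of FILE. Run it where the file was created
# and pass the digest to the receiving administrator over a separate channel.
file_digest() {
    [ -s "$1" ] || { echo "missing or empty: $1" >&2; return 2; }
    sha256sum "$1" | cut -d' ' -f1
}

# verify_digest FILE EXPECTED_HEX
# Returns 0 only if FILE hashes to EXPECTED_HEX; 1 on mismatch, 2 if unreadable.
verify_digest() {
    actual=$(file_digest "$1") || return 2
    [ "$actual" = "$2" ] || { echo "digest mismatch for $1" >&2; return 1; }
}

# run_if_verified FILE EXPECTED_HEX COMMAND [ARGS...]
# Runs COMMAND only when FILE matches the digest received out of band.
run_if_verified() {
    f=$1; want=$2; shift 2
    verify_digest "$f" "$want" || { echo "refusing to use $f" >&2; return 1; }
    "$@"
}

# Where each call fits in the procedure (file names are the page's placeholders):
#   After creating the CSR, on the host:
#     file_digest request_file_name
#   Before signing, on the host that received the CSR:
#     run_if_verified request_file_name "$csr_digest" \
#       nbcertcmd -signCertificate -requestFile request_file_name \
#                 -certificateFile certificate_file_name -token
#   After signing:
#     file_digest certificate_file_name
#   Before deploying, on the client:
#     run_if_verified certificate_file_name "$cert_digest" \
#       nbcertcmd -deployCertificate -certificateFile certificate_file_name
```

A digest stored next to the file on the same transfer medium only detects accidental corruption, so send it through a different channel than the file itself.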