Ransomware attackers specifically target and attempt to destroy backup systems to increase the probability of payment. Hardening your system is critical. Please ensure you have reviewed your platform security using the Security Hardening Checklist
Cohesity

COHESITY Documentation

Explore our documentation to get started, discover products & new features, access troubleshooting guides, register sources, platforms support.

Products
Data Security Alliance
Visit Cohesity.com
Demos
Support
Blogs
Developers
Partner Portals
Cohesity Community
© 2026 Cohesity, Inc. All Rights Reserved.
Terms of Use|
Privacy Policy|
Legal|
  1. Home
  2. NetBackup™ Security and Encryption Guide
  3. Section III. Encryption of data at rest
  4. Hardware Security Module (HSM) support in NetBackup
  5. Protecting host ID artefacts in NetBackup using HSM
NetBackup™ Security and Encryption Guide

Protecting host ID artefacts in NetBackup using HSM

After HSM is configured on NetBackup host using nbhsmcmd command, the private key of host ID certificate on NetBackup host can be encrypted using HSM by following steps:

To protect host ID artefacts in NetBackup using HSM

  1. Use the nbsetconfig command to set the required configuration parameter as follows:.

    NB_CIPHER_KEYSTORE_TYPE = HSM

  2. Use the nbcertcmd -rotatepassphrasekey command to rotate passphrase key.
  3. Use nbcertcmd -listcertdetails option to list host ID certificate details.

    Check 'Private Key Encryption State' to ensure that the passphrase of the host ID certificate's private key is encrypted using HSM.

Feedback

Was this page helpful?
Previous

Configuring Hardware Security Module on a NetBackup host

Next

Moving back to file store-based encryption

Feedback

Was this page helpful?