Ransomware attackers specifically target and attempt to destroy backup systems to increase the probability of payment. Hardening your system is critical. Please ensure you have reviewed your platform security using the Security Hardening Checklist
Cohesity

COHESITY Documentation

Explore our documentation to get started, discover products & new features, access troubleshooting guides, register sources, platforms support.

Products
Data Security Alliance
Visit Cohesity.com
Demos
Support
Blogs
Developers
Partner Portals
Cohesity Community
© 2026 Cohesity, Inc. All Rights Reserved.
Terms of Use|
Privacy Policy|
Legal|
  1. Home
  2. NetBackup™ Security and Encryption Guide
  3. Section II. Encryption of data-in-transit
  4. NetBackup CA and NetBackup certificates
  5. About revoking host ID-based certificates
  6. Delete NetBackup CA-signed certificate
NetBackup™ Security and Encryption Guide

Delete NetBackup CA-signed certificate

When you delete a NetBackup CA-signed certificate, NetBackup revokes all NetBackup certificates for that host and marks all of them as deleted.

Consider the following scenario: An external certificate authority (ECA)-only environment is configured in your domain. Because of the presence of NetBackup CA-signed certificates on hosts, primary server receives notifications like 'certificate expiry' for the hosts. In such scenario, you can choose to delete the NetBackup CA-signed certificates to stop receiving unwanted notifications.

Users with the following RBAC roles can delete a NetBackup CA-signed certificate:

  • NetBackup Administrator

  • Default Security Administrator

To delete NetBackup CA-signed certificates of a host using the NetBackup web UI

  1. On the left, go to Security > Certificates. Select the NetBackup certificates tab.
  2. Select the host that is associated with the certificate that you want to delete.

    Select Delete Certificate.

  3. Enter the reason to delete the certificate.
  4. Click Yes.
Delete NetBackup CA-signed certificates of the host using RESTful APIs

Use the following API to delete the NetBackup CA-signed certificate:

DELETE - /security/certificates/{serial_number} -

Use the following API to list the deleted NetBackup CA-signed certificates:

GET- /security/certificates/

Use the filter 'isCertDeleted'.

Delete NetBackup CA-signed certificates of a host using the command-line interface

To delete NetBackup CA-signed certificates of a host using the command-line interface

  • Run the following command:

    nbcertcmd -deleteNBCACertificate -hostId host_id | -host host_name -deletionReason value [-server master_server_name]

Feedback

Was this page helpful?
Previous

Revoking a host ID-based certificate

Next

Determining a NetBackup host's certificate state

Feedback

Was this page helpful?