Configuring NetBackup CA and NetBackup host ID-based certificate for secure communication between the source and the target MSDP storage servers
MSDP now supports secure communications between two media servers from two different NetBackup domains. The secure communication is set up when you run Auto Image Replication (A.I.R.). The two media servers must use the same CA to do the certificate security check. The source MSDP server uses the CA of the target NetBackup domain and the certificate that is authorized by the target NetBackup domain. You must manually deploy CA and the certificate on the source MSDP server before using Auto Image Replication.
Note:
After you upgrade to NetBackup 8.1.2 or later, manually deploy NetBackup CA and the NetBackup host ID-based certificate on the source MSDP server to use the existing Auto Image Replication.
To configure the NetBackup CA and a NetBackup host ID-based certificate, complete the following steps:
On the target NetBackup primary server, run the following command to display the NetBackup CA fingerprint:
Windows
install_path\NetBackup\bin\nbcertcmd -displayCACertDetail
UNIX
/usr/openv/netbackup/bin/nbcertcmd -displayCACertDetail
On the source MSDP storage server, run the following command to get the NetBackup CA from target NetBackup primary server:
Windows
install_path\NetBackup\bin\nbcertcmd -getCACertificate -server target_primary_server
UNIX
/usr/openv/netbackup/bin/nbcertcmd -getCACertificate -server target_primary_server
When you accept the CA, ensure that the CA fingerprint is the same as displayed in the previous step.
On the source MSDP storage server, run the following command to get a certificate generated by target NetBackup primary server:
Windows
install_path\NetBackup\bin\nbcertcmd -getCertificate -server target_primary_server -token token_string
UNIX
/usr/openv/netbackup/bin/nbcertcmd -getCertificate -server target_primary_server -token token_string
Use either of these two methods to obtain the authorization tokens:
NetBackup web UI
In NetBackup web UI, select Security > Tokens.
Click and fill the required details to create a token.
NetBackup commands
Use the bpnbat command to log on the target NetBackup primary server.
Use the nbcertcmd command to get the authorization tokens.
For more information on the commands, refer to the NetBackup Commands Reference Guide.