Ransomware attackers specifically target and attempt to destroy backup systems to increase the probability of payment. Hardening your system is critical. Please ensure you have reviewed your platform security using the Security Hardening Checklist
Cohesity

COHESITY Documentation

Explore our documentation to get started, discover products & new features, access troubleshooting guides, register sources, platforms support.

Products
Data Security Alliance
Visit Cohesity.com
Demos
Support
Blogs
Developers
Partner Portals
Cohesity Community
© 2026 Cohesity, Inc. All Rights Reserved.
Terms of Use|
Privacy Policy|
Legal|
  1. Home
  3. NetBackup™ for Hadoop Administrator's Guide
  5. Configuring NetBackup for Hadoop
  7. Configuring the NetBackup for Hadoop plug-in using the NetBackup for Hadoop configuration file
  9. Configuring communication between NetBackup and Hadoop clusters that are SSL-enabled (HTTPS)
NetBackup™ for Hadoop Administrator's Guide

Configuring communication between NetBackup and Hadoop clusters that are SSL-enabled (HTTPS)

To enable communication between NetBackup and Hadoop clusters that are SSL-enabled (HTTPS), complete the following steps:

  • Update the hadoop.conf file that is located in the /usr/openv/var/global/ directory on the backup host using the use_ssl parameter in the following format:

    {
 	"application_servers":
		{
		 "hostname_of_namenode1":
				{
							"use_ssl":true
				}
		}
}

    Configuration file format for SSL and HA:

    {
   "application_servers":
   {
    "primary.host.com":
    {
      "use_ssl":true,
     "failover_namenodes":
     [
      {
       "hostname":"secondary.host.com",
       "use_ssl":true,
       "port":11111
      }
     ]
    }
   }
}

    By default, the value is set to false.

    If you use multiple backup hosts, the backup host in that has defined the use_ssl parameter in the hadoop.conf file is used for communication.

    You must define the use_ssl parameter in the hadoop.conf file for every Hadoop cluster.

  • Use the nbsetconfig command to configure the following NetBackup configuration options on the access host:

    For more information on the configuration options, refer to the NetBackup Administrator's Guide.

    ECA_TRUST_STORE_PATH

    Specifies the file path to the certificate bundle file that contains all trusted root CA certificates.

    If you have already configured this external CA option, append the Hadoop CA certificates to the existing external certificate trust store.

    If you have not configured the option, add all the required Hadoop server CA certificates to the trust store and set the option.

    See ECA_TRUST_STORE_PATH for NetBackup servers and clients.

    ECA_CRL_PATH

    Specifies the path to the directory where the certificate revocation lists (CRL) of the external CA are located.

    If you have already configured this external CA option, append the Hadoop server CRLs to the CRL cache.

    If you have not configured the option, add all the required CRLs to the CRL cache and then set the option.

    See ECA_CRL_PATH for NetBackup servers and clients.

    HADOOP_SECURE_CONNECT_ENABLED

    This option affects Hadoop secure communication.

    Set this value to YES when you have set the use_ssl as true in the hadoop.conf file. The single value is applicable to all Hadoop clusters when use_ssl is set to true.

    For Hadoop, secure communication is enabled by default.

    This option lets you skip the security certificate validation.

    See HADOOP_SECURE_CONNECT_ENABLED for servers and clients.

    HADOOP_CRL_CHECK

    Lets you validate the revocation status of the Hadoop server certificate against the CRLs.

    The single value is applicable to all Hadoop clusters when use_ssl is set to true.

    By default, the option is disabled.

    See HADOOP_CRL_CHECK for NetBackup servers and clients.

Feedback

Was this page helpful?
Previous

Configuring distribution algorithm and golden ratio for backup hosts

Next

ECA_TRUST_STORE_PATH for NetBackup servers and clients

Feedback

Was this page helpful?