Ransomware attackers specifically target and attempt to destroy backup systems to increase the probability of payment. Hardening your system is critical. Please ensure you have reviewed your platform security using the Security Hardening Checklist
Cohesity

COHESITY Documentation

Explore our documentation to get started, discover products & new features, access troubleshooting guides, register sources, platforms support.

Products
Data Security Alliance
Visit Cohesity.com
Demos
Support
Blogs
Developers
Partner Portals
Cohesity Community
© 2026 Cohesity, Inc. All Rights Reserved.
Terms of Use|
Privacy Policy|
Legal|
  1. Home
  3. NetBackup™ Web UI Administrator's Guide
  5. Section IX. Managing security
  7. Managing security certificates
  9. Manage NetBackup security certificates
  11. Reissue a NetBackup certificate
NetBackup™ Web UI Administrator's Guide

Reissue a NetBackup certificate

Note:

The information here only applies to the security certificates that the NetBackup certificate authority (CA) issues. External certificates must be managed outside of NetBackup.

In some cases a host's NetBackup certificate is no longer valid. For example, if a certificate is expired, revoked, or is lost. You can reissue a certificate either with or without a reissue token.

A reissue token is a type of authorization token that is used to reissue a NetBackup certificate. When you reissue a certificate, the host gets the host ID same as the original certificate.

Reissue a NetBackup certificate, with a token

If you need to reissue a host's NetBackup certificate NetBackup provides a more secure method to do this reissue. You can create an authorization token that the host administrator must use to obtain a new certificate. This reissue token retains the same host ID as the original certificate. The token can only be used once. Because it is associated to a specific host, the token cannot be used to request certificates for other hosts.

To reissue a NetBackup certificate for a host

  1. On the left, select Security > Certificates.
  2. Select the NetBackup certificates tab.
  3. Select the host and select Actions > Generate reissue token.
  4. Enter a token name and indicate how long the token should be valid for.
  5. Select Create.
  6. Select Copy to clipboard and then select Close.
  7. Share the authorization token so the host's administrator can obtain a new certificate.

Allow a NetBackup certificate reissue, without a token

In certain scenarios you need to reissue a certificate without a reissue token. For example, for a BMR client restore. The option Allow auto reissue certificate enables you to reissue a certificate without requiring a token.

To allow a NetBackup certificate reissue, without a token

  1. On the left, select Security > Host mappings.
  2. Locate the host and select Actions > Allow auto reissue certificate > Allow.

    Once you set the Allow auto reissue certificate option, a certificate can be reissued without a token within the next 48 hours, which is the default setting. After this window to reissue expires, the certificate reissue operation requires a reissue token.

  3. Notify the host's administrator that you allowed a NetBackup certificate reissue without a token.

Revoke the ability to reissue a NetBackup certificate without a token

After you allow a NetBackup certificate reissue without a token, you can revoke this ability before the window to reissue expires. By default, the window is 48 hours.

To revoke the ability to reissue a NetBackup certificate without a token

  1. On the left, select Hosts > Host mappings.
  2. Locate the host and select Actions > Revoke auto reissue certificate > Revoke.

Feedback

Was this page helpful?
Previous

Manage NetBackup security certificates

Next

Manage NetBackup certificate authorization tokens

Feedback

Was this page helpful?