Ransomware attackers specifically target and attempt to destroy backup systems to increase the probability of payment. Hardening your system is critical. Please ensure you have reviewed your platform security using the Security Hardening Checklist
Cohesity

COHESITY Documentation

Explore our documentation to get started, discover products & new features, access troubleshooting guides, register sources, platforms support.

Products
Data Security Alliance
Visit Cohesity.com
Demos
Support
Blogs
Developers
Partner Portals
Cohesity Community
© 2026 Cohesity, Inc. All Rights Reserved.
Terms of Use|
Privacy Policy|
Legal|
  1. Home
  3. NetBackup™ Web UI Administrator's Guide
  5. Section IX. Managing security
  7. Managing the global security settings for the primary server
  9. About trusted primary servers
  11. About the certificate to use to add a trusted primary server
NetBackup™ Web UI Administrator's Guide

About the certificate to use to add a trusted primary server

A source or a target primary server may use NetBackup CA-signed certificates (host ID-based certificates) or external CA-signed certificates.

For more information on NetBackup host ID-based certificates and external CA support, refer to the NetBackup Security and Encryption Guide.

To establish trust between source and target primary servers, NetBackup verifies the following:

Can the source primary server establish trust using an external CA-signed certificate?

If the external CA configuration options - ECA_CERT_PATH, ECA_PRIVATE_KEY_PATH, and ECA_TRUST_STORE_PATH - are defined in the NetBackup configuration file of the source primary server, it can establish the trust using an external certificate.

In the case of the Windows certificate trust store, only the option ECA_CERT_PATH is defined.

Which certificate authorities (CA) does the target primary server support?

The target primary server may support external CA, NetBackup CA, or both.

See View the Certificate authority for secure communication.

The following table lists the CA support scenarios and the certificate to use to establish trust between the source and the target primary servers. The instructions assume that you use the NetBackup web UI for the configuration.

Table: Certificate to use for the trust setup

Can the primary server use an external certificate?

Which CA does the target primary server use?

Certificate to use for the trust setup

Yes

The source primary server can use the NetBackup CA and an external CA for communication with a remote primary server.

External CA

External CA

NetBackup CA

NetBackup CA

External CA and NetBackup CA

NetBackup prompts to select the CA that you want to use for trust setup.

No

The source primary server can only use the NetBackup CA for communication with a remote primary server.

External CA

No trust is established.

NetBackup CA

NetBackup CA

External CA and NetBackup CA

NetBackup CA

Feedback

Was this page helpful?
Previous

About trusted primary servers

Next

Add a trusted primary server

Feedback

Was this page helpful?