Ransomware attackers specifically target and attempt to destroy backup systems to increase the probability of payment. Hardening your system is critical. Please ensure you have reviewed your platform security using the Security Hardening Checklist
Cohesity

COHESITY Documentation

Explore our documentation to get started, discover products & new features, access troubleshooting guides, register sources, platforms support.

Products
Data Security Alliance
Visit Cohesity.com
Demos
Support
Blogs
Developers
Partner Portals
Cohesity Community
© 2026 Cohesity, Inc. All Rights Reserved.
Terms of Use|
Privacy Policy|
Legal|
  1. Home
  3. NetBackup™ Web UI Administrator's Guide
  5. Section III. Configuring hosts
  7. Managing deployment
  9. Deployment policies
  11. Security options tab in Deployment management
NetBackup™ Web UI Administrator's Guide

Security options tab in Deployment management

Use the policy Security options tab to configure the settings for external security certificates. These settings are only available if a selected host is configured to use external certificates (certificates that are signed by a CA other than the NetBackup CA).

Attribute

Description

Use existing certificates when possible

This option instructs NetBackup to use the existing NetBackup CA or external CA certificates, if available. By default, the Use existing certificates when possible option is selected.

Deselecting the Use existing certificates when possible option lets you specify the location for external certificate authority information for both UNIX and Linux computers and Windows computers.

Note:

If you specify this option and certificates are not available, your upgrade fails.

From Windows certificate store (Only for Windows)

Specifies that the certificate from the Windows certificate store is used. The certificate is searched using the following details that are provided with the Certificate location: Store name, Issuer name, Subject name.

Certificate file

Specifies the path to the external certificate of the host.

Trust store location

Specifies the path to the pem bundle of the Certificate Authorities.

Private key file

Specifies the path to the private key for the external certificate of the host.

Passphrase file

Specifies the path to the text file where the passphrase for the external certificate's private key is stored.

CRL check level

Specifies the revocation check level for the external certificate. It also lets you disable the revocation check for the external certificates. Based on the check level, the status of the certificate is validated against the Certificate Revocation List (CRL) during host communication. You can choose to use the CRLs from the directory that is specified in the NetBackup configuration file or the CRL Distribution Point (CDP).

From certificate file path (for file-based certificates)

(Only for Windows)

Specifies a list of comma-separated clauses where each clause element contains a query. The clause is of the form <Store name>\<Issuer Name>\<Subject Name>. $hostname is a keyword that is replaced with the fully qualified domain name of the host. For certificate selection from the Windows certificate store, NetBackup can pick a certificate from any of the Local Machine certificate stores on a Windows host.

  • Store name - The certificate store where the certificate is present

  • Issuer name (optional) - The certificate issuer name

  • Subject name - The subject name of the certificate

If the issuer name is not specified, the certificate is searched based on the subject name.

Feedback

Was this page helpful?
Previous

Schedules tab in Deployment management

Next

Copy a deployment policy

Feedback

Was this page helpful?