© 2026 Cohesity, Inc. All Rights Reserved.
NetBackup™ Troubleshooting Guide

Primary server security certificate is revoked

A revoked security certificate on a NetBackup primary server is the worst-case scenario for NetBackup security. The following symptoms may indicate that the primary server certificate is revoked:

  • Jobs fail with network errors.

  • Media servers deactivate spontaneously.

  • The vnetd proxy process log files on hosts show that the primary server's certificate is revoked.

    See Viewing the vnetd proxy log files.

  • The bptestbpcd -host primary_server command output may show that the primary server's certificate is revoked.

    See Determining a NetBackup host's certificate state.

If the primary server is compromised and remains compromised, do the following:

If a NetBackup CA-signed certificate is used

  1. Do not trust the certificate revocation list on any host.

  2. Resolve the issue, reissue the primary server's security certificate, and then return the primary server to service.

  3. If you cannot resolve the issue and return the primary server to service, replace it. You must then reissue all host certificates.

If an external CA-signed certificate is used, you can undo the revocation of the primary server's certificate or enroll a new certificate for the primary server.

See Troubleshooting issues with external CA-signed certificate revocation.
