Ransomware attackers specifically target and attempt to destroy backup systems to increase the probability of payment. Hardening your system is critical. Please ensure you have reviewed your platform security using the Security Hardening Checklist
Cohesity

COHESITY Documentation

Explore our documentation to get started, discover products & new features, access troubleshooting guides, register sources, platforms support.

Products
Data Security Alliance
Visit Cohesity.com
Demos
Support
Blogs
Developers
Partner Portals
Cohesity Community
© 2026 Cohesity, Inc. All Rights Reserved.
Terms of Use|
Privacy Policy|
Legal|
  1. Home
  3. Veritas NetBackup™ Deduplication Guide
  5. Configuring deduplication
  7. Configuring MSDP replication to a different NetBackup domain
  9. Configuring external CA for secure communication between the source MSDP storage server and the target MSDP storage server
Veritas NetBackup™ Deduplication Guide

Configuring external CA for secure communication between the source MSDP storage server and the target MSDP storage server

MSDP now supports use of an external CA for secure communication between two media servers that are from two different NetBackup domains. The secure communication is set up when you run Auto Image Replication (A.I.R.). If the two media servers use different external CAs, then you must exchange the external certificates before you use Auto Image Replication.

To exchange the external certificates, complete the following steps:

  1. Copy the root certificate file from the source MSDP storage server to the target MSDP storage server. Combine the certificate files on the target MSDP storage server.

  2. Copy the root certificate file from the target MSDP storage server to the source MSDP storage server. Combine the certificate files on the source MSDP storage server.

If the Windows certificate store is used to store the root certificate, add the root certificate to the certificate store. You can use the certutil tool to add the root certificate to the certificate store, or just right-click the root certificate file and select Install Certificate. When you use the certutil tool to install the root certificate, the store name parameter must be Root. When you use Windows explorer to install the root certificate, the store location must be Local Machine and store name must be Trusted Root Certification Authorities.

Feedback

Was this page helpful?
Previous

Configuring NetBackup CA and NetBackup host ID-based certificate for secure communication between the source and the target MSDP storage servers

Next

Configuring a target for MSDP replication to a remote domain

Feedback

Was this page helpful?