Adding a trusted master server using external CA-signed certificate
You can now establish a trust between source and target master servers using an external CA-signed certificate.
For more information on the external CA support, refer to the NetBackup Security and Encryption Guide.
See About the certificate to be used for adding a trusted master server.
Note:
The NetBackup Administration Console does not support adding a trusted master server using an external certificate.
If you try to add a trusted master server with an external certificate using the NetBackup Administration Console, an error is displayed.
To add a trusted master server using an external certificate
- Configure the following external certificate configuration options on the source master server:
ECA_CERT_PATH
ECA_PRIVATE_KEY_PATH
ECA_TRUST_STORE_PATH
ECA_KEY_PASSPHRASEFILE (optional)
Note:
In case of Windows certificate store, configure only the ECA_CERT_PATH configuration option.
- Run the nbseccmd -setuptrustedmaster command on the source master server.
For more information on the commands, refer to the NetBackup Commands Reference Guide.
If the source and target master servers are configured with external certificates that are issued by different certificate authorities, refer to the following section from the NetBackup Deduplication Guide: Configuring external CA for secure communication between the source MSDP storage server and the target MSDP storage server.