Deploying host name-based certificates
This is applicable for media server versions 7.7.x to 8.1.2 only.
You can deploy the required host name-based security certificate for the NetBackup media servers that you use for cloud storage. Each media server that you use for cloud storage runs the NetBackup CloudStore Service Container.
See About the NetBackup CloudStore Service Container.
You can deploy a certificate for an individual media server or for all media servers. Media servers that you use for cloud storage must have a host name-based security certificate.
Note:
Ensure the following before you deploy a host-name based certificate:
All nodes of the cluster have a host ID-based certificate.
All Fully Qualified Domain Names (FQHN) and short names for the cluster nodes are mapped to their respective host IDs.
This procedure works well when you deploy host name-based security certificates to many hosts at one time. As with NetBackup deployment in general, this method assumes that the network is secure.
To deploy a host name-based security certificate for media servers
- Run the following command on the master server, depending on your environment. Specify the name of an individual media server or specify -AllMediaServers.
On Windows: install_path\NetBackup\bin\admincmd\bpnbaz -ProvisionCert host_name|-AllMediaServers
On UNIX: /usr/openv/netbackup/bin/admincmd/bpnbaz -ProvisionCert host_name|-AllMediaServers
NetBackup appliance (as a NetBackupCLI user): bpnbaz -ProvisionCert Media_server_name
- Restart the NetBackup Service Layer (nbsl) service on the media server.
Note:
In you use dynamic IPs on the hosts (DHCP), ensure that the host name and the IP address are correctly listed on the master server. To do so, run the following NetBackup bpclient command on the master server:
On Windows: Install_path\NetBackup\bin\admincmd\bpclient -L -All
On UNIX: /usr/openv/netbackup/bin/admincmd/bpclient -L -All