Ransomware attackers specifically target and attempt to destroy backup systems to increase the probability of payment. Hardening your system is critical. Please ensure you have reviewed your platform security using the Security Hardening Checklist
Cohesity

COHESITY Documentation

Explore our documentation to get started, discover products & new features, access troubleshooting guides, register sources, platforms support.

Products
Data Security Alliance
Visit Cohesity.com
Demos
Support
Blogs
Developers
Partner Portals
Cohesity Community
© 2026 Cohesity, Inc. All Rights Reserved.
Terms of Use|
Privacy Policy|
Legal|
  1. Home
  3. Veritas NetBackup™ Administrator's Guide, Volume I
  5. Section II. Configuring hosts
  7. Configuring Host Properties
  9. Configuration options for NetBackup servers
  11. ECA_CERT_PATH for NetBackup servers and clients
  13. Specifying Windows certificate store for ECA_CERT_PATH
Veritas NetBackup™ Administrator's Guide, Volume I

Specifying Windows certificate store for ECA_CERT_PATH

NetBackup selects a certificate from any of the local machine certificate stores on a Windows host.

In case of Windows certificate store, ECA_CERT_PATH is a list of comma-separated clauses.

Each clause is of the form Store name\Issuer\Subject. Each clause element contains a query.

$hostname is a keyword that is replaced with the fully qualified domain name of the host. Use double quotes when a \ is present in the actual path. For example, MY\Veritas\"NetBackup\$hostname".

$shorthostname is a keyword that is replaced with the short name of the host. Use double quotes when a \ is present in the actual path. For example, MY\Veritas\"NetBackup\$shorthostname".

The 'Store name' should be the exact name of the store where the certificate resides. For example: 'MY'

The 'Issuer' is optional. If this is provided, NetBackup picks the certificates for which the Issuer DN contains the provided substring.

The 'Subject' is mandatory. NetBackup picks the certificate for which the Subject DN contains the provided substring.

You must ensure to:

  • Add the root certificate to Trusted Root Certification Authorities or Third-Party Root Certification Authorities in the Windows certificate store.

  • If you have any intermediate CAs, add their certificates to the Intermediate Certification Authorities in the Windows certificate store.

Example - Certificate locations with WHERE CLAUSE:

  • My\Veritas\$hostname, My\ExampleCompany\$hostname

    Where (certificate store is MY, Issuer DN contains Veritas, Subject DN contains $hostname) OR (certificate store name is MY, Issuer DN contains ExampleCompany, Subject DN contains $hostname)

  • MY\Veritas\"NetBackup\$hostname"

    Where certificate store name is MY, Issuer DN contains Veritas, Subject DN contains NetBackup\$hostname

  • MY\\$hostname

    Where certificate store name is MY, any Issuer DN, Subject DN contains $hostname

  • MY\\$shorthostname

    Where certificate store name is MY, any Issuer DN, Subject DN contains $shorthostname

  • MY\Veritas\NetBackup $hostname

    Where certificate store name is MY, Issuer DN contains Veritas, Subject DN contains NetBackup $hostname

If you provide a space between words, it is considered as a valid character.

Example - Certificate locations with invalid data:

  • MY\\

    The Subject DN should have some value.

  • My\$hostname

    The Subject DN should have some value.

  • \\$hostname

    The certificate store name should have exact value of the store in which the certificate resides.

  • MY\CN=Veritas\CN=$hostname

    The Subject DN and issuer DN cannot contain =, and also specific tags like CN=.

Feedback

Was this page helpful?
Previous

ECA_CERT_PATH for NetBackup servers and clients

Next

ECA_CRL_CHECK for NetBackup servers and clients

Feedback

Was this page helpful?