Finding and communicating the fingerprint of the certificate authority
The master server administrator must find the fingerprint of the CA certificate and communicate it to the administrator of the individual host so that the host can add the CA certificate to its trust store.
To find the fingerprint of the CA certificate
- The master server administrator can find the fingerprint using the NetBackup Administration Console or the command line:
Expand Security Management > Certificate Management.
On the Actions menu, select View Certificate Authority. The Certificate Authority Details dialog appears.
The following information is displayed:
If multiple CA certificates are displayed, use the Subject Name.
- The master server administrator communicates the fingerprint to the host administrator by email, by file, or on an internal web site.
The host administrator uses the fingerprint value to verify the fingerprint that is displayed when the host runs nbcertcmd -getCACertificate. This verifies the authenticity of the CA certificate.
The vssat command can also be used to view the CA certificate fingerprint. Use vssat with the following options:
vssat showcred -p nbatd
However, note the following differences between using nbcertcmd -listCACertDetails and vssat:
vssat displays the fingerprint as a hash and does not include colon separators.
If the host trusts multiple Certificate Authorities, the nbcertcmd command displays all CA certificates. The Subject Name displays the identity of the CA.