Veritas NetBackup™ Deduplication Guide

Certificate validation using Online Certificate Status Protocol (OCSP)

For all cloud providers, Cloud Catalyst can verify SSL certificates. It uses a combination of Certificate Revocation List (CRL) and Online Certificate Status Protocol (OCSP) checks. During initial configuration, Cloud Catalyst cloud connectors validate certificates using CRL. After initial configuration, Cloud Catalyst uses OCSP to secure calls during data transfer to and from the cloud. OCSP can be enabled along with CRL: if the SSL and CRL options are enabled, each externally signed SSL certificate is verified using OCSP. If the certificate is revoked, Cloud Catalyst does not connect to the cloud provider.

You can enable validation using OCSP in the same way as CRL. Refer to "Certificate validation against Certificate Revocation List (CRL)" in the NetBackup Cloud Administrator's Guide for more details.

Requirements for enabling the certificate validation using OCSP:

  • OCSP responder endpoints are HTTP. Disable any firewall rule that blocks HTTP (port 80) connections to the external network, for example to http://ocsp.msocsp.com.

  • OCSP responder URL is dynamically fetched from the certificate. Disable any firewall rule that blocks unknown URLs.

  • The OCSP responder URL must be present in the X.509 certificate. The type of the OCSP responder URL must be HTTP.

  • Private clouds typically have a self-signed certificate and don't need certificate verification. The OCSP check is skipped in this case, regardless of whether CRL or OCSP is enabled.
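One way to check these requirements against a cloud endpoint's certificate before enabling OCSP, as an added example that is not part of NetBackup or of the original guide. The function names `classify_ocsp_uri` and `check_cert` are hypothetical, the subject/issuer hash comparison is a heuristic for "self-signed", and the sample URIs other than the host named above are constructed.

```shell
#!/usr/bin/env bash
# Added example: pre-flight check of the OCSP requirements listed above.

# Classify one OCSP responder URI.
# Prints "ok <host> <port>", "missing", or "not-http <uri>"; returns 1 unless ok.
classify_ocsp_uri() {
  local uri="$1" scheme hostport host port=80
  if [ -z "$uri" ]; then echo "missing"; return 1; fi
  scheme=$(printf '%s' "${uri%%://*}" | tr '[:upper:]' '[:lower:]')
  if [ "$scheme" != "http" ] || [ "${uri#*://}" = "$uri" ]; then
    echo "not-http $uri"; return 1
  fi
  hostport="${uri#*://}"; hostport="${hostport%%/*}"
  host="${hostport%%:*}"
  if [ "$hostport" != "$host" ]; then port="${hostport##*:}"; fi
  echo "ok $host $port"
}

# Check a PEM certificate file (hypothetical helper name). Pass "probe" as the
# second argument to also test that the responder is reachable over HTTP.
check_cert() {
  local pem="$1" uri verdict
  # Heuristic for self-signed: subject and issuer names hash to the same value.
  if [ "$(openssl x509 -noout -subject_hash -in "$pem")" = \
       "$(openssl x509 -noout -issuer_hash -in "$pem")" ]; then
    echo "SKIP self-signed certificate, no OCSP check applies"; return 0
  fi
  # The responder URL comes from the certificate itself (AIA extension).
  uri=$(openssl x509 -noout -ocsp_uri -in "$pem" | head -n 1)
  if ! verdict=$(classify_ocsp_uri "$uri"); then
    echo "FAIL responder URL $verdict"; return 1
  fi
  if [ "${2:-}" = "probe" ] &&
     ! curl -s -o /dev/null --connect-timeout 5 "$uri"; then
    echo "FAIL cannot reach $uri (firewall blocking outbound HTTP?)"; return 1
  fi
  echo "PASS $verdict"
}

if [ "$#" -ge 1 ]; then
  check_cert "$@"
else
  # Constructed sample URIs; the first is the example host named on the page.
  for u in "http://ocsp.msocsp.com" "https://ocsp.example.test/" ""; do
    classify_ocsp_uri "$u" || true
  done
fi
```

Run it on the storage server as `script.sh endpoint.pem probe` so the reachability test goes through the same firewall path that Cloud Catalyst uses.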

Note:

When a storage server has SSL enabled, the OCSP validation is enabled by default when you upgrade to NetBackup Cloud Catalyst 8.2.1.
