Ransomware attackers specifically target and attempt to destroy backup systems to increase the probability of payment. Hardening your system is critical. Please ensure you have reviewed your platform security using the Security Hardening Checklist
Cohesity

COHESITY Documentation

Explore our documentation to get started, discover products & new features, access troubleshooting guides, register sources, platforms support.

Products
Data Security Alliance
Visit Cohesity.com
Demos
Support
Blogs
Developers
Partner Portals
Cohesity Community
© 2026 Cohesity, Inc. All Rights Reserved.
Terms of Use|
Privacy Policy|
Legal|
  1. Home
  3. Veritas NetBackup™ Cloud Administrator's Guide
  5. Configuring cloud storage in NetBackup
  7. Deploying host ID-based certificates
Veritas NetBackup™ Cloud Administrator's Guide

Deploying host ID-based certificates

Depending on the certificate deployment security level, a non-master host may require an authorization token before it can obtain a host ID-based certificate from the Certificate Authority (master server). When certificates are not deployed automatically, they must be deployed manually by the administrator on a NetBackup host using the nbcertcmd command.

The following topic describes the deployment levels and whether the level requires an authorization token.

Deploying when no token is needed

Use the following procedure when the security level is such that a host administrator can deploy a certificate on a non-master host without requiring an authorization token.

To generate and deploy a host ID-based certificate when no token is needed

  1. The host administrator runs the following command on the non-master host to establish that the master server can be trusted:

    nbcertcmd -getCACertificate

  2. Run the following command on the non-master host:

    nbcertcmd -getCertificate

    Note:

    To communicate with multiple NetBackup domains, the administrator of the host must request a certificate from each master server using the -server option.

    Run the following command to get a certificate from a specific master server:

    nbcertcmd -getCertificate -server master_server_name

  3. To verify that the certificate is deployed on the host, run the following command:

    nbcertcmd -listCertDetails

Deploying when a token is needed

Use the following procedure when the security level is such that a host requires an authorization token before it can deploy a host ID-based certificate from the CA.

To generate and deploy a host ID-based certificate when a token is required

  1. The host administrator must have obtained the authorization token value from the CA before proceeding. The token may be conveyed to the administrator by email, by file, or verbally, depending on the various security guidelines of the environment.
  2. Run the following command on the non-master host to establish that the master server can be trusted:

    nbcertcmd -getCACertificate

  3. Run the following command on the non-master host and enter the token when prompted:

    nbcertcmd -getCertificate -token

    Note:

    To communicate with multiple NetBackup domains, the administrator of the host must request a certificate from each master server using the -server option.

    If the administrator obtained the token in a file, enter the following:

    nbcertcmd -getCertificate -file authorization_token_file

  4. To verify that the certificate is deployed on the host, run the following command:

    nbcertcmd -listCertDetails

    Use the -cluster option to display cluster certificates.

Feedback

Was this page helpful?
Previous

Deploying host name-based certificates

Next

About data compression for cloud backups

Feedback

Was this page helpful?