Managing Certification Authorities (CA) for NetBackup Cloud
NetBackup cloud supports only X.509 certificates in .PEM (Privacy-enhanced Electronic Mail) format.
You can find the details of the Certification Authorities (CAs) in the cacert.pem bundle at following location:
Windows:
install_path\Veritas\NetBackup\var\global\wmc\cloud\cacert.pemOn media server versions 7.7.x to 8.1.2, the path is
install_path\Veritas\NetBackup\db\cloud\cacert.pem.UNIX:
/usr/openv/var/global/wmc/cloud/cacert.pemOn media server versions 7.7.x to 8.1.2, the path is
/usr/openv/netbackup/db/cloud/cacert.pem.
Note:
In a cluster deployment, NetBackup database path points to the shared disk, which is accessible from the active node.
You can add or remove a CA from the cacert.pem bundle.
After you complete the changes, when you upgrade to a new version of NetBackup, the cacert.pem bundle is overwritten by the new bundle. All the entries that you may have added or removed are lost. As a best practice, keep a local copy of the edited cacert.pem file. You can use the local copy to override the upgraded file and restore your changes.
To add a CA
You must get a CA certificate from the required cloud provider and update it in the cacert.pem file. The certificate must be in .PEM format.
- Open the
cacert.pemfile. - Append the self-signed CA certificate on a new line and at the beginning or the end of the
cacert.pemfile.Add the following information block:
Certificate Authority Name
==========================
- - - - - BEGIN CERTIFICATE - - - - -
<Certificate content>
- - - - - END CERTIFICATE - - - - -
- Save the file.
To remove a CA
Before you remove a CA from the cacert.pem file, ensure that none of the cloud jobs are using the related certificate.
- Open the
cacert.pemfile. - Remove the required CA. Remove the following information block:
Certificate Authority Name
==========================
- - - - - BEGIN CERTIFICATE - - - - -
<Certificate content>
- - - - - END CERTIFICATE - - - - -
- Save the file.
AddTrust External Root
Baltimore CyberTrust Root
Cybertrust Global Root
DigiCert Assured ID Root CA
DigiCert Assured ID Root G2
DigiCert Assured ID Root G3
DigiCert Global CA G2
DigiCert Global Root CA
DigiCert Global Root G2
DigiCert Global Root G3
DigiCert High Assurance EV Root CA
DigiCert Trusted Root G4
D-Trust Root Class 3 CA 2 2009
GeoTrust Global CA
GeoTrust Primary Certification Authority
GeoTrust Primary Certification Authority - G2
GeoTrust Primary Certification Authority - G3
GeoTrust Universal CA
GeoTrust Universal CA 2
RSA Security 2048 v3
Starfield Services Root Certificate Authority - G2
Thawte Primary Root CA
Thawte Primary Root CA - G2
Thawte Primary Root CA - G3
VeriSign Class 1 Public Primary Certification Authority - G3
VeriSign Class 2 Public Primary Certification Authority - G3
Verisign Class 3 Public Primary Certification Authority - G3
VeriSign Class 3 Public Primary Certification Authority - G4
VeriSign Class 3 Public Primary Certification Authority - G5
VeriSign Universal Root Certification Authority