Ransomware attackers specifically target and attempt to destroy backup systems to increase the probability of payment. Hardening your system is critical. Please ensure you have reviewed your platform security using the Security Hardening Checklist
Cohesity

COHESITY Documentation

Explore our documentation to get started, discover products & new features, access troubleshooting guides, register sources, platforms support.

Products
Data Security Alliance
Visit Cohesity.com
Demos
Support
Blogs
Developers
Partner Portals
Cohesity Community
© 2026 Cohesity, Inc. All Rights Reserved.
Terms of Use|
Privacy Policy|
Legal|
  1. Home
  3. Veritas NetBackup™ Add-in for Microsoft SCVMM Console Guide
  5. Installing the NetBackup Add-in for SCVMM
  7. Configuring the add-in for an external certificate
Veritas NetBackup™ Add-in for Microsoft SCVMM Console Guide

Configuring the add-in for an external certificate

The add-in communicates with the NetBackup master server securely by means of certificate-based authentication. By default, the master server uses NetBackup CA-signed certificates. As an alternative, the master server can be configured to use an externally issued certificate. In that case, use the following procedure to configure the add-in for the external certificate.

Configure the add-in for an external certificate

  1. Enter the following command on the master server:

    Windows

    install_path\NetBackup\wmc\bin\install\configureCertsForPlugins.bat
-registerExternalCert -certPath "path_to_external_certificate_file"
-privateKeyPath "path_to_certificate_key_file"
-trustStorePath "path_to_ca_certificate_file"

    UNIX, Linux

    /usr/openv/wmc/bin/install/configureCertsForPlugins
-registerExternalCert -certPath "path_to_external_certificate_file"
-privateKeyPath "path_to_certificate_key_file"
-trustStorePath "path_to_ca_certificate_file"

    For example:

    configureCertsForPlugins.bat -registerExternalCert -certPath "c:\server.pem" -privateKeyPath "c:\key.pem" -trustStorePath "c:\intermediateOrRootCA.pem"

    This command configures the add-in to use the external certificate by importing the certificate into the keystore on the master server. The command options are as follows:

    • -certPath: Specifies the path to the certificate for the web server. This file should have a single certificate in PEM format.

    • -privateKeyPath: Specifies the path to the private key for the web server certificate.

    • -trustStorePath: Specifies the path to the certificate of the intermediate or root certification authority that has issued the web server certificate. This file should have a single certificate in PEM format. The subject of this certificate should match the issuer of the web server certificate.

      For further information on external certificates, see the NetBackup Security and Encryption Guide.

  2. Restart the NetBackup Web Management Console service on the master server.

    In the Activity Monitor of the NetBackup Administration Console: Click the Daemons tab, right-click the service, and click Stop Daemon. When the service has stopped, click Start Daemon.

  3. Renew the authentication token on the master server:

    See Renewing an authorization token.

    Note:

    Perform this step for each add-in that needs to communicate with the master server.

  4. On the add-in, remove the existing master server and then add the master server that now has the renewed token:

    See Authorizing the NetBackup add-in to restore virtual machines.

Feedback

Was this page helpful?
Previous

Installation message regarding localized environments

Next

Reconfiguring the add-in for a NetBackup CA-signed certificate

Feedback

Was this page helpful?