Veritas NetBackup™ Read This First Guide for Secure Communications

Last Published:
Product(s): NetBackup (8.1)

About secure communications in NetBackup

NetBackup 8.1 hosts can communicate with each other only in a secure mode.

NetBackup uses Transport Layer Security (TLS) protocol for host communication where each host needs to present its security certificate and validate the peer host's certificate against the Certificate Authority (CA) certificate.

In NetBackup 8.1, each host must establish trust with the CA after which a CA certificate is added in the trust store. Each NetBackup 8.1 host must also have a host ID-based certificate for successful communication.

A host ID-based certificate is deployed on a host during NetBackup installation. If, for some reason, a certificate cannot be deployed on a host during installation, the host cannot communicate with other hosts. In that case, you must manually deploy a host ID-based certificate on the host using the nbcertcmd command to start host communication after installation.

The following nodes in the NetBackup Administration Console provide secure communication settings: Host Management and Global Security Settings.

The following commands provide options to manage certificate deployment and other security settings: nbhostmgmt, nbhostidentity, nbcertcmd, and nbseccmd.

If you have NetBackup 8.0 or earlier hosts in your environment, you can enable insecure communication with them.

See How NetBackup 8.1 hosts communicate with NetBackup 8.0 and earlier hosts.


A host name-based certificate is required in the following scenarios:

  • NetBackup Access Control or NBAC-enabled hosts require a host name-based certificate.

  • Enhanced Auditing operations require that the hosts have a host name-based certificate.

  • The NetBackup CloudStore Service Container requires that the host name-based certificate be installed on the media server.