NetBackup™ Web UI Security Administrator's Guide
- Introducing the NetBackup web user interface
- Managing role-based access control
- Steps to create an object group
- Adding AD or LDAP domains
- Security events and audit logs
- Managing hosts
- Managing security certificates
- Managing user sessions
- Managing master server security settings
- Creating and using API keys
- Configuring smart card authentication
- Troubleshooting access to the web UI
Managing NetBackup security certificates
Note:
The information here only applies to the security certificates that are issued by the NetBackup certificate authority (CA). More information is available for external certificates.
You can view and revoke NetBackup certificates and view information about the NetBackup CA. More detailed information about NetBackup certificate management and certificate deployment is available in the NetBackup Security and Encryption Guide.
You can view details of all host ID-based NetBackup certificates that are issued to NetBackup hosts. Note that only 8.1 and later NetBackup hosts have host ID-based certificates. The
list does not include any NetBackup 8.0 or earlier hosts.To view a NetBackup certificate
- On the left, select Security > Certificates.
- Click NetBackup certificates.
- To view additional certificate details for a host, click on a host name.
When you revoke a NetBackup host ID-based certificate, NetBackup revokes any other certificates for that host. NetBackup ceases to trust the host, and it can no longer communicate with the other NetBackup hosts.
You may choose to revoke a host ID-based certificate under various conditions. For example, if you detect that client security has been compromised, if a client is decommissioned, or if NetBackup is uninstalled from the host. A revoked certificate cannot be used to communicate with master server web services.
Security best practices suggest that the NetBackup security administrator explicitly revoke the certificates for any host that is no longer active. This action should be taken regardless of whether the certificate is still deployed on the host, or whether it has been successfully removed from the host.
Note:
Do not revoke a certificate of the master server. If you do, NetBackup operations may fail.
To revoke a NetBackup CA certificate
- On the left, select Security > Certificates.
- Click NetBackup certificates.
- Click on the host name that is associated with the certificate that you want to revoke.
- Click Revoke Certificate > Yes.
For secure communication with the NetBackup certificate authority (CA) on the master server, a host's administrator must add the CA certificate to an individual host's trust store. The master server administrator must give the fingerprint of the CA certificate to the administrator of the individual host.
To view the NetBackup certificate authority details and fingerprint
- On the left, select Security > Certificates.
- Click NetBackup certificates.
- In the toolbar, click Certificate authority.
- Find the Fingerprint information and click Copy to clipboard.
- Provide this fingerprint information to the host's administrator.