Please enter search query.
Search <product_name> all support & community content...
Additional steps needed to deploy certificates on the inactive nodes of a cluster after the install or upgrade to NetBackup 8.1.
Article: 100039875
Last Published: 2017-09-17
Ratings: 0 0
Product(s): NetBackup & Alta Data Protection
Problem
Upon completing the install or upgrade to NetBackup 8.1 on the inactive nodes of a clustered master server there are additional steps that may need to be performed. On Windows systems the following message is displayed to help highlight that additional steps required:Warning: You may need to issue host ID-based/host name-based
certificates for each cluster node. For details, refer to KB: 100039650
On UNIX systems no such message is displayed at the end of the install. The additional steps to deploy certificates still need to be performed on all platforms.
Error Message
No error messages are displayed.Cause
Due to the new security enhancements in NetBackup 8.1 host certificates will need to be created prior to using NetBackup.Solution
The additional steps required to be performed on the inactive node(s) of a clustered master server are documented in the NetBackup version 8.1 Installation Guide in the section titled: " Generate a certificate on the inactive nodes of a clustered master server"Those steps are listed here as well:
1 (Conditional). Add all inactive nodes to the cluster.
If all the nodes of the cluster are not currently part of the cluster, start by adding them to the cluster. Please consult with your operating system cluster instructions for assistance with this process.
2. Run the nbcertcmd command to store the Certificate Authority certificate on the inactive node.
UNIX:
/usr/openv/netbackup/bin/nbcertcmd -getCACertificate
Windows:
<install_path>\NetBackup\bin\nbcertcmd -getCACertificate
3. Run the nbcertcmd command to generate the host certificate on the inactive node.
nbcertcmd -getCertificate
4. (Conditional) If the nbcertcmd -getCertificate command fails with an error message indicating that a token is needed, you need a token from the Certificate Authority. Use the steps that are shown to get and correctly use the token.
- On the active node, use the bpnbat command as shown to authorize the necessary changes. When you are prompted for the authentication broker, enter the virtual server name, not the local node name.
bpnbat -login -loginType WEB
- On the active node, use the nbcertcmd command to create a token.
nbcertcmd -createToken -name token_name
The token name is not important to this procedure. When the command runs, it displays the token string value. Note this value as it is necessary for the next command.
- On the inactive node, use the authorization token with the nbcertcmd command to store the host certificate.
nbcertcmd -getCertificate -token
This command prompts you for the token string value. Enter the token string from the nbcertcmd -createToken command.
Additional information about certificates is available. Please see the section on deploying certificates on master server nodes in the Veritas NetBackup Security and Encryption Guide.
The steps needed are also documented in article 000127129 (see Related Articles link).
Related Knowledge Base Articles
References
Etrack : 3928960
Was this content helpful?
Translated Content
Please note that this document is a translation from English, and may have been machine-translated. It is possible that updates have been made to the original version after this document was translated and published. Veritas does not guarantee the accuracy regarding the completeness of the translation. You may also refer to the English Version of this knowledge base article for up-to-date information.