Configuring an external certificate for a host after a disaster when the certificate from Windows certificate store was not backed up
Use this article if you used Windows certificate store as an external certificate source before the disaster and if the external certificate was not backed up during catalog backup.
This scenario is specific to non-clustered master server setup.
Use the following procedure to configure (enroll) an external CA-signed certificate for a NetBackup host with the master server domain. The enrolled certificate is used for host communication.
Important notes
- Ensure that the NetBackup domain is enabled to use external CA-signed certificates by configuring the NetBackup web server.
- It is recommended that you enroll an external certificate for the master server host before you enroll one for other hosts.
- Ensure that the
For more details, refer to the NetBackup Security and Encryption Guide.
To enroll an external certificate for a host with the master server domain
- Update the configuration file (bp.conf file or Windows registry) with the required external certificate-specific parameters on the host (media server or client):
For more details on the parameters, refer to the NetBackup Administrator's Guide, Volume I.
Use the nbsetconfig command to configure the following parameters:
For Windows certificate store:
- ECA_CERT_PATH
- ECA_MASTER_SERVER_LIST (this is applicable only for NetBackup 8.1.2.1, which is a limited availability release)
- ECA_CRL_CHECK (optional)
- ECA_CRL_PATH (optional)
- ECA_CRL_PATH_SYNC_HOURS (optional)
- ECA_CRL_REFRESH_HOURS (optional)
- ECA_DR_BKUP_WIN_CERT_STORE (optional)
For file-based certificates:
- ECA_CERT_PATH
- ECA_PRIVATE_KEY_PATH
- ECA_KEY_PASSPHRASEFILE (optional)
- ECA_TRUST_STORE_PATH
- ECA_MASTER_SERVER_LIST (this is applicable only for NetBackup 8.1.2.1, which is a limited availability release)
- ECA_CRL_CHECK (optional)
- ECA_CRL_PATH (optional)
- ECA_CRL_PATH_SYNC_HOURS (optional)
- ECA_CRL_REFRESH_HOURS (optional)
- Run the following command on the host:
nbcertcmd -enrollCertificate
The enrolled certificate is used for communication between this host and the associated master server.
For more details on the command, refer to the NetBackup Commands Reference Guide.
Was this content helpful?
Translated Content
Please note that this document is a translation from English, and may have been machine-translated. It is possible that updates have been made to the original version after this document was translated and published. Veritas does not guarantee the accuracy regarding the completeness of the translation. You may also refer to the English Version of this knowledge base article for up-to-date information.