NetBackup™ Web UI Security Administrator's Guide
- Introducing the NetBackup web user interface
- Managing role-based access control
- About role-based access control (RBAC) in NetBackup
- NetBackup default RBAC roles
- Configuring RBAC
- Add a custom role
- Edit or delete a custom role
- Add an object group
- Previewing the assets, application servers, or protection plans for an object group
- Edit or delete an object group
- Add access for a user through access rules
- Edit or remove user access rules
- How can I limit role permissions to specific objects or assets?
- Security events and audit logs
- Managing host mappings and certificates
- About security management and certificates in NetBackup
- NetBackup host IDs and host ID-based certificates
- View NetBackup host information
- Approve or add mappings for a host that has multiple host names
- Reissue a certificate when a host's certificate is no longer valid
- Remove mappings for a host that has multiple host names
- Reset a host's attributes
- Managing global security settings
- Troubleshooting the web UI
Reissue a certificate when a host's certificate is no longer valid
In some cases a host's certificate is no longer valid. For example, if a certificate is expired, revoked, or is lost. You can reissue a certificate either with or without a reissue token.
A reissue token is a type of authorization token that is used to reissue a certificate. When you reissue a certificate, the host gets the host ID same as the original certificate.
If you need to reissue a host's certificate and want a more secure method to do so, you can create an authorization token that the host administrator must use to obtain a new certificate. This reissue token retains the same host ID as the original certificate. The token can only be used once. Because it is associated to a specific host, the token cannot be used to request certificates for other hosts.
To reissue a certificate for a host
- On the left, select Security > Hosts.
- Select the host and click Generate reissue token.
- Enter a token name and indicate how long the token should be valid for.
- Click Create.
- Click Copy to clipboard and click Close.
- Share the authorization token so the host's administrator can obtain a new certificate.
In certain scenarios, like BMR client restore, you need to reissue a certificate without a reissue token. The option enables you to reissue a certificate without requiring a token.
To allow a certificate reissue, without a token
- On the left, select Security > Hosts.
- Select the host and click Allow auto reissue certificate > Allow.
Once you set the Allow auto reissue certificate option, a certificate can be reissued without a token within the next 48 hours, which is the default setting. After this window to reissue expires, the certificate reissue operation requires a reissue token.
After you allow a certificate reissue without a token, you can revoke this ability before the window to reissue expires. By default, the window is 48 hours.
To revoke the ability to reissue a certificate without a token
- On the left, select Security > Hosts.
- Select the host and click Revoke auto reissue certificate > Revoke.