Veritas NetBackup™ Appliance Security Guide
- About the NetBackup appliance Security Guide
- User authentication
- About user authentication on the NetBackup appliance
- About configuring user authentication
- About user name and password specifications
- User authorization
- Intrusion prevention and intrusion detection systems
- Log files
- Operating system security
- Data security
- Web security
- Network security
- Call Home security
- About AutoSupport
- About Call Home
- About SNMP
- Remote Management Module (RMM) I security
- STIG and FIPS conformance
- Appendix A. Security release content
About SSL usage
The Secure Socket Layer (SSL) protocol creates an encrypted connection between the appliance web server and the appliance web console, and other local servers. This type of connection allows for a more secure information transfer without the problems of eavesdropping, data tampering, or message forgery. To enable SSL on the appliance web server, you need an SSL certificate that identifies the appliance host.
The appliance uses self-signed certificates for client and host validation. The appliance certificate is generated using a 2048 bit RSA public key that is hashed with the SHA256 algorithm and signed with RSA encryption. For secure communications, the appliance uses only TLS v1.2 and later protocol.
Warnings such as SSL Certificate Cannot be Trusted or SSL Self-Signed Certificate can be avoided by replacing the default self-signed certificate with a custom CA issued certificate.
SSL certificates are also supported for secure communications between the appliance and various external servers, such as LDAP and Syslog.
You can manually add and implement third-party certificates for the web service support. The certificates are used for SSL encryption and authentication.
Starting with appliance release 3.1.2, you must install a root CA SSL certificate manually as follows:
On each NetBackup master server with version 8.1.2 and later, or on each NetBackup Appliance master server with version 3.1.2 and later that is managing one or more NetBackup Appliance media servers with version 3.1.2 and later.
Obtain the root CA SSL certificate for the CA that has signed your 3rd party SSL certificates.
The root CA SSL certificate is loaded into a Java truststore that is used by the NetBackup Web Management Console. This truststore is part of the NetBackup catalog backup.
To implement third-party certificates that you have created, see the following topic: