NetBackup 8.2 does not use the External Certificate Authority (ECA) for port 8443 after enrolling certificates.
Article: 100047284
Last Published: 2020-03-10
Product(s): NetBackup & Alta Data Protection
Problem
After configuring the External Certificate Authority (ECA) on a NetBackup 8.2 server, a port scan still shows that it is using the default NetBackup CA on port 8443.
Cause
Port 8443 is used by the vCenter plugin, so the "configureCertsForPlugins" command must be used.
Solution
The steps below should ONLY BE RUN if you have already configured the NetBackup 8.2 server to use ECAs. For more information on configuring ECAs, see the Veritas NetBackup™ Security and Encryption Guide: UNIX, Windows, and Linux.
- Run the ecaHealthCheck to make sure your entries in the configuration files are still good:
nbcertcmd.exe -ecahealthcheck
- To configure the ECA for port 8443:
Windows:
<Install_Path>NetBackup\wmc\bin\install\configureCertsForPlugins.bat -registerExternalCert -certPath [Configuration Entry for ECA_CERT_PATH] -privateKeyPath [Configuration Entry for ECA_PRIVATE_KEY_PATH] -trustStorePath [Configuration Entry for ECA_TRUST_STORE_PATH]
Unix:
# /usr/openv/wmc/bin/install/configureCertsForPlugins -registerExternalCert -certPath [Configuration Entry for ECA_CERT_PATH] -privateKeyPath [Configuration Entry for ECA_PRIVATE_KEY_PATH] -trustStorePath [Configuration Entry for ECA_TRUST_STORE_PATH]
Note: For more information on the configureCertsForPlugins command, please see the configureCertsForPlugins page in our Veritas NetBackup™ Commands Reference Guide.
- Restart the "NetBackup Web Management Console" service.
Windows:
Open Services and manually restart the NetBackup Web Management Console service.
Unix:
# nbwmc stop; nbwmc start
- Run a security scan and/or use the below command to confirm that your NetBackup server is displaying the ECA on port 8443:
Windows:
<Install_Path>\NetBackup\bin\goodies\vxsslcmd.exe s_client -connect [master_hostname]:8443 -showcerts
Unix:
# /usr/openv/netbackup/bin/goodies/vxsslcmd s_client -connect [master_hostname]:8443 -showcerts
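The confirmation in the last step can also be scripted. The following is an added example, not Veritas code: it compares the SHA-256 fingerprint of the first certificate presented on port 8443 with the first certificate in the file named by ECA_CERT_PATH. It assumes that file is PEM with the host certificate first; the function names and the sample PEM bodies are constructed for illustration.

```python
import hashlib
import re
import ssl

PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----.+?-----END CERTIFICATE-----", re.S)

def pem_blocks(text):
    """Return every PEM certificate in text, in the order it appears."""
    return PEM_RE.findall(text)

def fingerprint(pem):
    """SHA-256 of the DER bytes, so PEM line wrapping does not matter."""
    return hashlib.sha256(ssl.PEM_cert_to_DER_cert(pem)).hexdigest()

def served_leaf_matches(served_text, eca_cert_text):
    """Compare the first certificate served with the first one enrolled.

    served_text may be a bare PEM or saved `s_client -showcerts` output,
    where the server's own certificate is printed first.
    """
    served = pem_blocks(served_text)
    enrolled = pem_blocks(eca_cert_text)
    if not served or not enrolled:
        raise ValueError("no PEM certificate found in input")
    return fingerprint(served[0]) == fingerprint(enrolled[0])

def check_live(host, eca_cert_path, port=8443):
    """Fetch the certificate from host:port (no chain validation) and compare."""
    served = ssl.get_server_certificate((host, port))
    with open(eca_cert_path) as fh:
        return served_leaf_matches(served, fh.read())

if __name__ == "__main__":
    # Constructed sample data: the base64 bodies are placeholders, not real
    # certificates. Only their bytes are compared.
    def pem(body):
        return f"-----BEGIN CERTIFICATE-----\n{body}\n-----END CERTIFICATE-----\n"
    eca_file = pem("QUFBQQ==") + pem("Q0NDQw==")      # leaf, then issuing CA
    after = " 0 s:CN = constructed\n" + pem("QUFBQQ==")
    before = " 0 s:CN = constructed\n" + pem("QkJCQg==")
    print("after registerExternalCert:", served_leaf_matches(after, eca_file))
    print("before:", served_leaf_matches(before, eca_file))
```

Against a running server, call check_live with the master server host name and the path stored in ECA_CERT_PATH; a False result after the restart means port 8443 is still presenting a different certificate.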