NetBackup™ Upgrade Guide
- Introduction
- About changes in NetBackup 10.5
- Planning for an upgrade
- General upgrade planning information
- About upgrade tools
- Upgrade operational notes and limitations
- General upgrade planning information
- Primary server upgrade
- Media server upgrade
- MSDP upgrade for NetBackup
- Client upgrade
- NetBackup Deployment Management with VxUpdate
- Appendix A. Reference
- About pushing client software from a primary server to clients
Generate a certificate on the inactive nodes of a clustered primary server
After finishing a clustered primary server installation or upgrade, you must generate a certificate on all inactive nodes. This procedure is required for backups and restores of the inactive node of the cluster to succeed.
Generating the certificate on the inactive nodes in a clustered primary server
Unless otherwise indicated, all commands are issued from the inactive node
- (Conditional) Add all inactive nodes to the cluster.
If all the nodes of the cluster are not currently part of the cluster, start by adding them to the cluster. Please consult with your operating system cluster instructions for assistance with this process.
- Run the nbcertcmd command to store the Certificate Authority certificate on the inactive node.
Linux: /usr/openv/netbackup/bin/nbcertcmd -getCACertificate
Windows: install_path\NetBackup\bin\nbcertcmd -getCACertificate
- Run the nbcertcmd command to generate the host certificate on the inactive node.
nbcertcmd -getCertificate
- (Conditional) If the nbcertcmd -getCertificate command fails with an error message indicating that a token is needed, you need a token from the Certificate Authority. Use the steps that are shown to get and correctly use the token.
On the active node, use the bpnbat command as shown to authorize the necessary changes. When you are prompted for the authentication broker, enter the virtual server name, not the local node name.
bpnbat -login -loginType WEB
On the active node, use the nbcertcmd command to create a token.
nbcertcmd -createToken -name token_name
The token name is not important to this procedure. When the command runs, it displays the token string value. Note this value as it is necessary for the next command.
On the inactive node, use the authorization token with the nbcertcmd command to store the host certificate.
nbcertcmd -getCertificate -token
This command prompts you for the token string value. Enter the token string from the nbcertcmd -createToken command.
Additional information about certificates is available. Please see the section on deploying certificates on primary server nodes in the NetBackup Security and Encryption Guide.