Veritas NetBackup™ Appliance Security Guide
- About the NetBackup appliance Security Guide
- User authentication
- User authorization
- Intrusion prevention and intrusion detection systems
- Log files
- Operating system security
- Data security
- Web security
- Network security
- Call Home security
- IPMI security
- STIG compliance
- Appendix A. Security release content
About SSL certification
The Secure Socket Layer (SSL) protocol creates an encrypted connection between the appliance web server and the LDAP server or other local servers. This type of connection allows for a more secure information transfer without the problems of eavesdropping, data tampering, or message forgery. To enable SSL on your NetBackup Appliance Web Console, you need an SSL certificate that identifies you and installs it on the appliance web server.
The appliance uses self-signed certificates for client and host validation. The key algorithm that is used to generate the SSL certificate key is SHA-256 with RSA. All low strength ciphers, such as SSLv2 and Diffie-Hellman are disabled.
Note:
Vulnerability reports such as SSL Certificate Cannot Be Trusted and SSL Self-Signed Certificate can be ignored, because the appliance is designed to use self-signed certificates.
You can also set the SSL certificates for an LDAP PAM Authentication module to establish a secure connection between the appliance LDAP PAM module and the LDAP server.
You can manually add and implement third-party certificates for the web service support. The appliance uses the Java Keystore (JKS) as the repository for security certificates. The certificates are used for SSL encryption.
To implement third-party certificates that you have created, contact Veritas Technical Support for assistance and inform the representative to reference the following documents:
Article 000103435 (for appliance software versions up to 2.6.1.2)
Article 000108157 (for appliance software versions 2.7.1 and later)