Description
This article provides a set of instructions to obtain new NetBackup issued certificates in a NetBackup environment.
The steps in this article do not apply for domains that are using ECAs (custom certificates) from an external provider.
Note: NetBackup 8.x and 9.x environments may have additional requirements, please refer to the article below if the installed version is not 10.0 or higher:
https://www.veritas.com/support/en_US/article.100044601
Clients / Media servers:
Perform the following commands on each Media Server and Client to obtain the new certificate:
UNIX/Linux: /usr/openv/netbackup/bin/nbcertcmd -getCACertificate
/usr/openv/netbackup/bin/nbcertcmd -getCertificate -force
Windows: <install_path>\NetBackup\bin\nbcertcmd -getCACertificate
<install_path>\NetBackup\bin\nbcertcmd -getCertificate -force
Note: If the NetBackup Clients are in cluster environments, perform the above commands on each node.
For NetBackup Primary servers:
== Non-Cluster Aware ==
UNIX/Linux:
- /usr/openv/netbackup/bin/nbwmc -terminate
- /usr/openv/netbackup/bin/admincmd/nbcertconfig -u -i
- /usr/openv/netbackup/bin/admincmd/nbcertconfig -m
- /usr/openv/netbackup/bin/admincmd/nbcertconfig -t -f
- /usr/openv/netbackup/bin/admincmd/nbcertconfig -s -f
- /usr/openv/wmc/bin/install/configureWmc
- /usr/openv/wmc/bin/install/configureCerts
- /usr/openv/wmc/bin/install/setupWmc
- /usr/openv/netbackup/bin/nbwmc -start
- /usr/openv/netbackup/bin/nbcertcmd -getCACertificate
- /usr/openv/netbackup/bin/nbcertcmd -getCertificate -force
- If the operation fails, perform the steps at the "Create a token" section below then return to this step.
- Remove the /usr/openv/var/global/vxss/nbcertservice/install_token file
Windows:
- set WEBSVC_PASSWORD=<nbwebsvc password>
- C:\Windows\System32\sc.exe stop "NetBackup Web Management Console"
- <Install_Path>\NetBackup\bin\admincmd\nbcertconfig -u -i
- <Install_Path>\NetBackup\bin\admincmd\nbcertconfig -m
- <Install_Path>\NetBackup\bin\admincmd\nbcertconfig -t -f
- <Install_Path>\NetBackup\bin\admincmd\nbcertconfig -s -f
- <Install_Path>\NetBackup\wmc\bin\install\configureWmc
- <Install_Path>\NetBackup\wmc\bin\install\configureCerts
- <Install_Path>\NetBackup\wmc\bin\install\setupWmc
- C:\Windows\System32\sc.exe start "NetBackup Web Management Console"
- <Install_Path>\NetBackup\bin\nbcertcmd -getCACertificate
- <Install_Path>\NetBackup\bin\nbcertcmd -getCertificate -force
- If the operation fails, perform the steps at the "Create a token" section below then return to this step.
- Remove the <install_path>\NetBackup\var\global\vxss\nbcertservice\install_token file
== Cluster Aware ==
If the system is UNIX/Linux, freeze the cluster before starting.
UNIX/Linux: Clustered Master Server Active Node:
- /usr/openv/netbackup/bin/nbwmc -terminate
- /usr/openv/netbackup/bin/admincmd/nbcertconfig -u -i
- /usr/openv/netbackup/bin/admincmd/nbcertconfig -m
- /usr/openv/netbackup/bin/admincmd/nbcertconfig -t -f
- /usr/openv/netbackup/bin/admincmd/nbcertconfig -s -f
- /usr/openv/wmc/bin/install/configureWmc
- /usr/openv/wmc/bin/install/configureCerts
- /usr/openv/wmc/bin/install/setupWmc
- /usr/openv/netbackup/bin/nbwmc -start
- /usr/openv/netbackup/bin/nbcertcmd -getCACertificate
- /usr/openv/netbackup/bin/nbcertcmd -getCACertificate -cluster
- /usr/openv/netbackup/bin/nbcertcmd -getCertificate -cluster -force
- /usr/openv/netbackup/bin/nbcertcmd -getCertificate -force
- If the operation fails, perform the steps at the "Create a token" section below on this node then return to this step.
- Remove the /usr/openv/var/global/vxss/nbcertservice/install_token file
UNIX/Linux: Clustered Master Server Inactive Node:
1. /usr/openv/netbackup/bin/nbcertcmd -getCACertificate
2. /usr/openv/netbackup/bin/nbcertcmd -getCertificate -force
If the operation fails, perform the steps at the "Create a token" section below on this node then return to this step.
3. Remove the /usr/openv/var/global/vxss/nbcertservice/install_token file
Windows: Clustered Master Server Active Node:
- set WEBSVC_PASSWORD=<nbwebsvc password>
- Use Failover Cluster Manager to stop the "NetBackup Web Management Console"
- <install_path>\NetBackup\bin\admincmd\nbcertconfig -u -i
- <install_path>\NetBackup\bin\admincmd\nbcertconfig -m
- <Install_Path>\NetBackup\bin\admincmd\nbcertconfig -t -f
- <Install_Path>\NetBackup\bin\admincmd\nbcertconfig -s -f
- <install_path>\NetBackup\wmc\bin\install\configureWmc
- <install_path>\NetBackup\wmc\bin\install\configureCerts
- <install_path>\NetBackup\wmc\bin\install\setupWmc
- Use Failover Cluster Manager to start the "NetBackup Web Management Console"
- <install_path>\NetBackup\bin\nbcertcmd -getCACertificate
- <install_path>\NetBackup\bin\nbcertcmd -getCACertificate -cluster
- <install_path>\NetBackup\bin\nbcertcmd -getcertificate -cluster -force
- <install_path>\NetBackup\bin\nbcertcmd -getcertificate -force
- If the operation fails, perform the steps at the "Create a token" section below on this node then return to this step.
- Remove the <install_path>\NetBackup\var\global\vxss\nbcertservice\install_token file
Windows: Clustered Master Server Inactive Node:
1. <install_path>\NetBackup\bin\nbcertcmd -getCACertificate
2. <install_path>\NetBackup\bin\nbcertcmd -getcertificate -force
If the operation fails, perform the steps at the "Create a token" section below on this node then return to this step.
3. Remove the <install_path>\NetBackup\var\global\vxss\nbcertservice\install_token file
Create a token:
Perform the following steps on the primary server if the " nbcertcmd -getcertificate -force" is not running successfully:a. For Cluster Aware and Non-Cluster Aware:
UNIX/Linux: /usr/openv/netbackup/bin/bpnbat -login -loginType WEB
Windows: <install_path>\NetBackup\bin\bpnbat -login -loginType WEB
You will be prompted to enter the information as the following example:
Authentication Broker [MasterServer1 is default]:
Authentication port [0 is default]:
Authentication type (NIS, NISPLUS, WINDOWS, vx, unixpwd, ldap) [unixpwd is default]:
Domain [MasterServer1 is default]: example.netbackup.com
Login Name [root is default]:
Password:
b. For Cluster Aware and Non-Cluster Aware:
UNIX/Linux: /usr/openv/netbackup/bin/nbcertcmd -createToken -name <token_name> -reissue -host <Master server name>
Windows: <Install_Path>\netbackup\bin\nbcertcmd -createToken -name <token_name> -reissue -host <Master server name>
e.g. nbcertcmd -createtoken -name token1 -reissue -host MasterServer1
Token EFITVNDRKTWHXRCM created successfully.
c. For Non-Cluster Aware:
UNIX/Linux: /usr/openv/netbackup/bin/nbcertcmd -getCACertificate
/usr/openv/netbackup/bin/nbcertcmd -getCertificate -token <token_ID> -force
Windows: <install_path>\NetBackup\bin\nbcertcmd -getCACertificate
<install_path>\NetBackup\bin\nbcertcmd -getCertificate -token <token_ID> -force
e.g. nbcertcmd -getcertificate -token EFITVNDRKTWHXRCM -force
d. For Cluster Aware:
nbcertcmd -getCACertificate
nbcertcmd -getCACertificate -cluster
nbcertcmd -getCertificate -cluster -token <token_ID> -force
nbcertcmd -getCertificate -token <token_ID> -force
Was this content helpful?
Translated Content
Please note that this document is a translation from English, and may have been machine-translated. It is possible that updates have been made to the original version after this document was translated and published. Veritas does not guarantee the accuracy regarding the completeness of the translation. You may also refer to the English Version of this knowledge base article for up-to-date information.