Forum Discussion

Chris_V_1's avatar
Level 3
7 years ago

Completely remove host certificates in 8.1

I have a customer that will potentially have hundreds of servers that will be used for a short period of time and then decomissioned.  In NetBackup 8.1 I know you can revoke the certificate for hosts that are no longer active.  However, this list will end up getting kind of messy.  I've hacked around a ton looking at commands and directory structures and I don't see anything obvious.  Does anyone know how to remove a host completly from the Host Certificate list?



Chris V.

  • VerJD's avatar
    6 years ago

    FYI, the KB article (100041506) posted by Joseph_Vidal was written for the case that WayneCierkowski mentioned above, suggest marking both of their posts as the solution.

    Also keep in mind, the "nbcertcmd -deleteCertificate -hostid <host id>" command is intended to be run on a client (not on the master) to delete the client's hostID certificate from the local certificate store and it does not change any tables in EMM DB on the master. Thus, it will not change the contents of what is visible in the Certificate Management or Host Management tables as presented in the GUI, so the requested functionality is currently not available. However, it is possible in some future release that this functionality may be added or modified in some way.

    Note: We do not recommend moving the clock forward for testing on your master server, as this could result in images expiring, causing a data loss condition.

14 Replies

Replies have been turned off for this discussion
  • Assuming all clients are 8.1 - so the certificates are host ID-based.

    In this case, old certificates can be removed by running nbcertcmd -deleteCertificate -hostid <host id> 

    • Chris_V_1's avatar
      Level 3

      I believe that command works on the client itself to get of local certificates, which doesn't apply in this situation.  When I try to use it from the master I get:

      [root@c1 openv]# /usr/openv/netbackup/bin/!/usr/openv/netbackup/bin/nbcertcmd -deleteCertificate -hostid 9be1107-93b4-48f9-a551-b55c75130718
      Deleting security certificates can adversely impact the NetBackup functionality.
      Do you want to proceed? (y/n) y
      Failed to delete certificate.
      EXIT STATUS 114: unimplemented error code 114

      • Mouse's avatar

        This is expected because it's the client certificate you are resetting. If you need to revoke it so the client won't be able to connect to the master in question, you need to run nbcertcmd -revokeCertificate -hostID host_id