Forum Discussion

paralex's avatar
paralex
Level 3
4 years ago

RESTApi for Veritas System Recovery 20.3

We'd like to use the RESTApi for Veritas System Recovery 20.3, which does require a certificate configuration.

According to the documentation https://www.veritas.com/content/support/en_US/doc/38007533-139298167-0/v139884843-139298167 we'd need to run InstallWebAPI.exe and bind a certificate.

All certificates failed to bind. Just with error message "Certificate Binding Failed"

  • We've testet crt, pem, pfx formats, with and without private keys....
  • We've tried wildcard and certificates for a single host....
  • We've tried with and without certificate chain....
  • We've tried to use certificate store Cert:\CurrentUser\My\47AAE2FCC8BCC6E0FDA8C23E4B41C13430116ECE

------------------------------------

PS C:\Program Files\Veritas\Veritas System Recovery\Agent> .\InstallWebAPI.exe -vvv
Operation to be done :

1. Bind certificate
2. View Certificate
3. Unbind Certificate

1
Enter the Certificate name with the full path :
c:\_cert\cert.cer
Certificate Binding Failed
Wish to continue (Y/N) :
n
Exiting the application

--------------------------------------

None of this worked.

The documentation is not specific enough which certificate format or how to get this going.

Any idea?

2 Replies

  • I could apply the certificate with the below steps. The bold lines may be important.

    1. Run PowerShell as administrator.

    2. Run the following command to create the certificate:

    New-SelfSignedCertificate -DnsName <Computer Name> -CertStoreLocation "cert:\LocalMachine\My" -NotAfter (Get-Date).AddYears(10)

    Ex: New-SelfSignedCertificate -DnsName ComputerA -CertStoreLocation "cert:\LocalMachine\My" -NotAfter (Get-Date).AddYears(10)

    where ComputerA is computer name where we are creating certificate, and AddYears(10) means 10 years by the expiration.

    3. Next, we need to add the self-signed certificate as a trusted certificate authority. Run MMC as administrator.

    4. In MMC, select File > Add or Remove Snap-ins

    5. In Add/Remove Sanp-in window, select Certificates and then click Add

    6. Select Computer account and click on Next

    7. Select Local computer

    8. Click Finish

    9. Click OK

    10. Find the certificate in Console root > Certificates > Personal folder

    11. Right-click on the newly created certificate and then select Properties. Input the desired Friendly
    Name field for the certificate based upon what you are testing. Once completed, select the Apply
    button followed by OK.

    12. Right-click on the certificate and choose Copy

    13. Expand Trusted Root Certificate Authorities(We need to import the certificate created above to
    Trusted root Certificate)

    14. Right-click on the Certificates folder

    15. Select Paste, then Export the created Certificate in .PFX format by providing a Security Key and save
    it as test.pfx in C:\cert.

    16. Close the window.

    17. Double-click InstallWebAPI.exe in C:\Program Files\Veritas\Veritas System Recovery\Agent

    18. Choose 1.

    19. Specify C:\cert\test.pfx.

    20. Will succeed.