Client is unable to get a certificate (CACertificate can be received) with unusual error:
nbu-client # /usr/openv/netbackup/bin/nbcertcmd -getCertificate
nbcertcmd: The -getCertificate operation failed for server nbu-mas.domain.local
EXIT STATUS 5908: Unknown error occurred.
In nbcertcmd log:
13:38:27.725 [4785.4785] <2> getHostIdCertStatus: Checking if hostID exist of host nbu-mas.domain.local
13:38:27.725 [4785.4785] <2> readJsonMapFile: Json mapping file [/usr/openv/var/vxss/certmapinfo.json] does not exist
13:38:27.725 [4785.4785] <2> readCertMapInfoInstallPath: Mapping file does not exists
13:38:27.725 [4785.4785] <2> getHostIdCertStatus: getHostID failed, error :5949.
13:38:30.364 [4785.4785] <2> curlSendRequest: actual http response : 500 expected http result: 200
13:38:30.364 [4785.4785] <2> parse_json_error_response: Error code returned by server is :5908
13:38:30.364 [4785.4785] <2> parse_json_error_response: Developer error message return by server :com.fasterxml.jackson.databind.exc.MismatchedInputException: No content to map due to end-of-input at [Source: (String)""; line: 1, column: 0]
13:38:30.364 [4785.4785] <16> nbcert_curl_gethostcertificate: Failed to perform getcertificate, with error code : 5908
13:38:30.364 [4785.4785] <2> NBClientCURL:~NBClientCURL: Performing curl_easy_cleanup()
13:38:30.364 [4785.4785] <16> GetHostCertificate: nbcertcmd command failed to get certificate. retval = 5908
Everything looks fine except the ability to get a certificate. Rest API looks fine:
[root@nbu-client nbcert]# curl -X GET https://nbu-mas.domain.local:1556/netbackup/security/certificates/crl --insecure -H 'Accept: application/pkix-crl' -H 'Authorization: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx' > /tmp/crl
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 316 100 316 0 0 2088 0 --:--:-- --:--:-- --:--:-- 2078
but master-server wasn't able to get certificate even for itself:
[root@nbu-mas tmp]# /usr/openv/netbackup/bin/nbcertcmd -getcertificate -force
nbcertcmd: The -getCertificate operation failed for server nbu-mas.domain.local.
EXIT STATUS 5986: Certificate request for host was rejected as the host could not be validated as a master server.
The root cause of the problem is that the master server's CLIENT_NAME record in bp.conf was mistakenly removed.
Return it back and restart nbwmc service to make it work:
[root@nbu-mas tmp]# /usr/openv/netbackup/bin/nbwmc terminate
[root@nbu-mas tmp]# /usr/openv/netbackup/bin/nbwmc start
Starting NetBackup Web Management Console could take a couple of minutes ... started.