Solved: 8.1.2 security certificate renewal/update on media...

Genericus · ‎12-07-2018

I see where I can login to a media server and run "nbcertcmd -getcrl"

Is there an easy command from the master to issue certificates to media servers?

MY windows admin updated his netbackup and now the cert is not valid

NetBackup 9.1.0.1 on Solaris 11, writing to Data Domain 9800 7.7.4.0
duplicating via SLP to LTO5 & LTO8 in SL8500 via ACSLS

Genericus · ‎12-07-2018

Never mind - did some more hunting...

The CA cert of the master got ‘lost’

From the master

# nbcertcmd -getCrl -server nbmaster

Successfully refreshed certificate revocation list for nbmaster.

Successfully refreshed security level for nbmaster.

# nbcertcmd -listCACertDetails

Subject Name : /CN=nbatd/OU=root@nbmaster/O=vx

Start Date : Sep 19 18:13:11 2018 GMT

Expiry Date : Sep 14 19:28:11 2038 GMT

SHA1 Fingerprint : blah

Operation completed successfully.

From nbmedia:

C:\Program Files\Veritas\NetBackup\bin>nbcertcmd -displayCACertDetail -server nbmaster

CA Certificate received successfully from server nbmaster.

Subject Name : /CN=nbatd/OU=root@nbmaster/O=vx

Start Date : Sep 19 18:13:11 2018 GMT

Expiry Date : Sep 14 19:28:11 2038 GMT

SHA1 Fingerprint : blah

CA Certificate State : Not Trusted

C:\Program Files\Veritas\NetBackup\bin>nbcertcmd -getCACertificate -server nbmaster

Authenticity of root certificate cannot be established.

The SHA1 fingerprint of root certificate is blah.

Are you sure you want to continue using this certificate ? (y/n): y

The validation of root certificate fingerprint is successful.

CA certificate stored successfully from server nbmaster.

C:\Program Files\Veritas\NetBackup\bin>nbcertcmd -getcrl

Successfully refreshed certificate revocation list for nbmaster.

Successfully refreshed security level for nbmaster.

NetBackup 9.1.0.1 on Solaris 11, writing to Data Domain 9800 7.7.4.0
duplicating via SLP to LTO5 & LTO8 in SL8500 via ACSLS

View solution in original post

Genericus · ‎12-07-2018

Never mind - did some more hunting...

The CA cert of the master got ‘lost’

From the master

# nbcertcmd -getCrl -server nbmaster

Successfully refreshed certificate revocation list for nbmaster.

Successfully refreshed security level for nbmaster.

# nbcertcmd -listCACertDetails

Subject Name : /CN=nbatd/OU=root@nbmaster/O=vx

Start Date : Sep 19 18:13:11 2018 GMT

Expiry Date : Sep 14 19:28:11 2038 GMT

SHA1 Fingerprint : blah

Operation completed successfully.

From nbmedia:

C:\Program Files\Veritas\NetBackup\bin>nbcertcmd -displayCACertDetail -server nbmaster

CA Certificate received successfully from server nbmaster.

Subject Name : /CN=nbatd/OU=root@nbmaster/O=vx

Start Date : Sep 19 18:13:11 2018 GMT

Expiry Date : Sep 14 19:28:11 2038 GMT

SHA1 Fingerprint : blah

CA Certificate State : Not Trusted

C:\Program Files\Veritas\NetBackup\bin>nbcertcmd -getCACertificate -server nbmaster

Authenticity of root certificate cannot be established.

The SHA1 fingerprint of root certificate is blah.

Are you sure you want to continue using this certificate ? (y/n): y

The validation of root certificate fingerprint is successful.

CA certificate stored successfully from server nbmaster.

C:\Program Files\Veritas\NetBackup\bin>nbcertcmd -getcrl

Successfully refreshed certificate revocation list for nbmaster.

Successfully refreshed security level for nbmaster.

NetBackup 9.1.0.1 on Solaris 11, writing to Data Domain 9800 7.7.4.0
duplicating via SLP to LTO5 & LTO8 in SL8500 via ACSLS

VOX

8.1.2 security certificate renewal/update on media servers from master