I am running 8.1.1, and 12 clients have recently come up in Certificate Management with a Status of Expired.
9 are Windows, and 3 are Linux.
Backups fail with Status 7625: -
02-May-2019 02:20:05 - Error bpbrm (pid=61538) [PROXY] Received status: 7625 with message A SSL connect failed. Status: 1 Msg: certificate verify failed
02-May-2019 02:20:05 - Error bpbrm (pid=61538) bpcd on client exited with status 7625: A SSL socket connect failed
There are 3 hosts that are due to expire shortly. The rest seem to have a long time, so I guess the renew is working fine for them.
4 of these are old clients, so no issue there, but would like to tidy them up. The other 8 are valid clients.
The log indicates that the master server (CA) was not able to communicate with the clients successfully. The communication issue has been there for a months, hence the reason that the auto-renew didn't work.
I would start verifying communication between the master and client (NetBackup client running, firewall, ACLs, etc). Once that is fixed/verified, request the certificate from the master using the reissue token. Use the following command on the client after creating the reissue token for it.
$> /usr/openv/netbackup/bin/nbcertcmd -getCertificate -server <masterserverFQDN> -reissue
C:\> C:\Program Files\Veritas\NetBackup\bin\nbcertcmd -getCertificate -server <masterserverFQDN> -reissue