cancel
Showing results for 
Search instead for 
Did you mean: 

Certificates Expired

peterblue
Level 3

I am running 8.1.1, and 12 clients have recently come up in Certificate Management with a Status of Expired.

9 are Windows, and 3 are Linux.

Backups fail with Status 7625: -

02-May-2019 02:20:05 - Error bpbrm (pid=61538) [PROXY] Received status: 7625 with message A SSL connect failed. Status: 1 Msg: certificate verify failed
02-May-2019 02:20:05 - Error bpbrm (pid=61538) bpcd on client exited with status 7625: A SSL socket connect failed

There are 3 hosts that are due to expire shortly. The rest seem to have a long time, so I guess the renew is working fine for them.

4 of these are old clients, so no issue there, but would like to tidy them up. The other 8 are valid clients.

 

1 ACCEPTED SOLUTION

Accepted Solutions

X2
Moderator
Moderator
   VIP   

The log indicates that the master server (CA) was not able to communicate with the clients successfully. The communication issue has been there for a months, hence the reason that the auto-renew didn't work.

I would start verifying communication between the master and client (NetBackup client running, firewall, ACLs, etc). Once that is fixed/verified, request the certificate from the master using the reissue token. Use the following command on the client after creating the reissue token for it.

$> /usr/openv/netbackup/bin/nbcertcmd -getCertificate -server <masterserverFQDN> -reissue

C:\> C:\Program Files\Veritas\NetBackup\bin\nbcertcmd -getCertificate -server <masterserverFQDN> -reissue

View solution in original post

1 REPLY 1

X2
Moderator
Moderator
   VIP   

The log indicates that the master server (CA) was not able to communicate with the clients successfully. The communication issue has been there for a months, hence the reason that the auto-renew didn't work.

I would start verifying communication between the master and client (NetBackup client running, firewall, ACLs, etc). Once that is fixed/verified, request the certificate from the master using the reissue token. Use the following command on the client after creating the reissue token for it.

$> /usr/openv/netbackup/bin/nbcertcmd -getCertificate -server <masterserverFQDN> -reissue

C:\> C:\Program Files\Veritas\NetBackup\bin\nbcertcmd -getCertificate -server <masterserverFQDN> -reissue