Showing results for 
Search instead for 
Did you mean: 

Security scan indicates "SSL Certificate Expiry" for ports 1556 and 3652

Level 6

We recently received a security scan report from our Sec Ops team that indicated "The remote server's SSL certificate has already expired" for NetBackup on ports 1556 and 3652.  I've got a few questions:

  • What is on port 3652?  I see no mention of that port in the Network Ports Reference Guide
  • How do I renew the PBX (1556) certificate so Sec Ops is happy?
  • How do I renew the cert for the other port?

Thanks for any and all assistance in this mystery.


Level 6

NetBackup processes also use TCP ports for intra-host connects that are internal to the host.  These ports do not need to be open externally.  The ports may be bound and listening only for connections to the loopback interface (127.0/8, or ::1) or for all network interfaces (, *.*.*.*, or:::) depending on the hostname targeted by the connecting process; localhost or other hostname that is local to the host.

  • port 1557 (PBX, 6.0+)
  • port 3652 (java nbwmc <--> gateway/tunnel, 8.0+)
  • port 8205 (java nbwmc shutdown, 8.0+)
  • port 9284 (nbsl NBSL_NCWS_PORT, 8.1.2+)
  • port 13777 (java nbwmc <--> MQBroker for STOMP comms, 10.0+, unless changed) 
  • ports 13778 - 13780 (MQBroker, 8.2+, unless changed using the configureMQ program)
  • port 13785 (NB_dbsrv <--> java nbwmc, 8.0+)

Do you see any errors within NetBackup that says Certificates are expired ?