cancel
Showing results for 
Search instead for 
Did you mean: 

RESTApi for Veritas System Recovery 20.3

paralex
Level 3
Partner Accredited

We'd like to use the RESTApi for Veritas System Recovery 20.3, which does require a certificate configuration.

According to the documentation https://www.veritas.com/content/support/en_US/doc/38007533-139298167-0/v139884843-139298167 we'd need to run InstallWebAPI.exe and bind a certificate.

All certificates failed to bind. Just with error message "Certificate Binding Failed"

  • We've testet crt, pem, pfx formats, with and without private keys....
  • We've tried wildcard and certificates for a single host....
  • We've tried with and without certificate chain....
  • We've tried to use certificate store Cert:\CurrentUser\My\47AAE2FCC8BCC6E0FDA8C23E4B41C13430116ECE

------------------------------------

PS C:\Program Files\Veritas\Veritas System Recovery\Agent> .\InstallWebAPI.exe -vvv
Operation to be done :

1. Bind certificate
2. View Certificate
3. Unbind Certificate

1
Enter the Certificate name with the full path :
c:\_cert\cert.cer
Certificate Binding Failed
Wish to continue (Y/N) :
n
Exiting the application

--------------------------------------

None of this worked.

The documentation is not specific enough which certificate format or how to get this going.

Any idea?

2 REPLIES 2

P_Jeal
Moderator
Moderator
Employee

I am clarifying these points and the error seen.

In the meantime, can I inquire what steps you are using to create this certificate ? They should be ones similar to discussed in How To Create a SHA-256 Self-Signed Certificate – Support Topics (jetglobal.com)   but could you confirm how you do it.

 

Regards,

akihiro1
Moderator
Moderator
Employee

I could apply the certificate with the below steps. The bold lines may be important.

1. Run PowerShell as administrator.

2. Run the following command to create the certificate:

New-SelfSignedCertificate -DnsName <Computer Name> -CertStoreLocation "cert:\LocalMachine\My" -NotAfter (Get-Date).AddYears(10)

Ex: New-SelfSignedCertificate -DnsName ComputerA -CertStoreLocation "cert:\LocalMachine\My" -NotAfter (Get-Date).AddYears(10)

where ComputerA is computer name where we are creating certificate, and AddYears(10) means 10 years by the expiration.

3. Next, we need to add the self-signed certificate as a trusted certificate authority. Run MMC as administrator.

4. In MMC, select File > Add or Remove Snap-ins

5. In Add/Remove Sanp-in window, select Certificates and then click Add

6. Select Computer account and click on Next

7. Select Local computer

8. Click Finish

9. Click OK

10. Find the certificate in Console root > Certificates > Personal folder

11. Right-click on the newly created certificate and then select Properties. Input the desired Friendly
Name field for the certificate based upon what you are testing. Once completed, select the Apply
button followed by OK.

12. Right-click on the certificate and choose Copy

13. Expand Trusted Root Certificate Authorities(We need to import the certificate created above to
Trusted root Certificate)

14. Right-click on the Certificates folder

15. Select Paste, then Export the created Certificate in .PFX format by providing a Security Key and save
it as test.pfx in C:\cert.

16. Close the window.

17. Double-click InstallWebAPI.exe in C:\Program Files\Veritas\Veritas System Recovery\Agent

18. Choose 1.

19. Specify C:\cert\test.pfx.

20. Will succeed.