02-05-2021 09:29 AM
We'd like to use the RESTApi for Veritas System Recovery 20.3, which does require a certificate configuration.
According to the documentation https://www.veritas.com/content/support/en_US/doc/38007533-139298167-0/v139884843-139298167 we'd need to run InstallWebAPI.exe and bind a certificate.
All certificates failed to bind. Just with error message "Certificate Binding Failed"
------------------------------------
PS C:\Program Files\Veritas\Veritas System Recovery\Agent> .\InstallWebAPI.exe -vvv
Operation to be done :
1. Bind certificate
2. View Certificate
3. Unbind Certificate
1
Enter the Certificate name with the full path :
c:\_cert\cert.cer
Certificate Binding Failed
Wish to continue (Y/N) :
n
Exiting the application
--------------------------------------
None of this worked.
The documentation is not specific enough which certificate format or how to get this going.
Any idea?
02-10-2021 01:16 AM
I am clarifying these points and the error seen.
In the meantime, can I inquire what steps you are using to create this certificate ? They should be ones similar to discussed in How To Create a SHA-256 Self-Signed Certificate – Support Topics (jetglobal.com) but could you confirm how you do it.
Regards,
02-15-2021 12:42 AM - edited 02-15-2021 01:55 AM
I could apply the certificate with the below steps. The bold lines may be important.
1. Run PowerShell as administrator.
2. Run the following command to create the certificate:
New-SelfSignedCertificate -DnsName <Computer Name> -CertStoreLocation "cert:\LocalMachine\My" -NotAfter (Get-Date).AddYears(10)
Ex: New-SelfSignedCertificate -DnsName ComputerA -CertStoreLocation "cert:\LocalMachine\My" -NotAfter (Get-Date).AddYears(10)
where ComputerA is computer name where we are creating certificate, and AddYears(10) means 10 years by the expiration.
3. Next, we need to add the self-signed certificate as a trusted certificate authority. Run MMC as administrator.
4. In MMC, select File > Add or Remove Snap-ins
5. In Add/Remove Sanp-in window, select Certificates and then click Add
6. Select Computer account and click on Next
7. Select Local computer
8. Click Finish
9. Click OK
10. Find the certificate in Console root > Certificates > Personal folder
11. Right-click on the newly created certificate and then select Properties. Input the desired Friendly
Name field for the certificate based upon what you are testing. Once completed, select the Apply
button followed by OK.
12. Right-click on the certificate and choose Copy
13. Expand Trusted Root Certificate Authorities(We need to import the certificate created above to
Trusted root Certificate)
14. Right-click on the Certificates folder
15. Select Paste, then Export the created Certificate in .PFX format by providing a Security Key and save
it as test.pfx in C:\cert.
16. Close the window.
17. Double-click InstallWebAPI.exe in C:\Program Files\Veritas\Veritas System Recovery\Agent
18. Choose 1.
19. Specify C:\cert\test.pfx.
20. Will succeed.