NetBackup™ Web UI Security Administrator's Guide
- Introducing the NetBackup web user interface
- Managing role-based access control
- About role-based access control (RBAC) in NetBackup
- NetBackup default RBAC roles
- Configuring RBAC
- Add a custom role
- Edit or delete a custom role
- Add an object group
- Previewing the assets, application servers, or protection plans for an object group
- Edit or delete an object group
- Add access for a user through access rules
- Edit or remove user access rules
- How can I limit role permissions to specific objects or assets?
- Security events and audit logs
- Managing host mappings and certificates
- About security management and certificates in NetBackup
- NetBackup host IDs and host ID-based certificates
- View NetBackup host information
- Approve or add mappings for a host that has multiple host names
- Reissue a certificate when a host's certificate is no longer valid
- Remove mappings for a host that has multiple host names
- Reset a host's attributes
- Managing global security settings
- Troubleshooting the web UI
You can view and revoke certificates and view information on the Certificate Authority (CA). More detailed information about certificate management, certificate deployment, and the Certificate Management utility is available in the NetBackup Security and Encryption Guide. To reissue a token for a host, see:
See Reissue a certificate when a host's certificate is no longer valid.
To view a certificate
- On the left, select Security > Certificates.
The list of certificates displays for the master server.
- To view additional certificate details for a host, click on a host name.
When you revoke a NetBackup host ID-based certificate, NetBackup revokes any other certificates for that host. NetBackup ceases to trust the host, and it can no longer communicate with the other NetBackup hosts.
You can revoke a host ID-based certificate under various conditions. For example, if you detect that client security has been compromised, if a client is decommissioned, or if NetBackup is uninstalled from the host. A revoked certificate cannot be used to communicate with master server web services.
See "About revoking host ID-based certificates" in the NetBackup Security and Encryption Guide.
Security best practices suggest that the NetBackup security administrator explicitly revoke the certificates for any host that is no longer active, regardless of whether the certificate is still deployed on the host, or whether it has been successfully removed from the host.
Note:
Do not revoke a certificate of the master server. If you do, NetBackup operations may cease.
- On the left, select Security > Certificates.
- Click on the host name that is associated with the certificate that you want to revoke.
- Click Revoke certificate > Yes.
For secure communication with the master server or Certificate Authority, a host's administrator must add the CA certificate to an individual host's trust store. The master server administrator must give the fingerprint of the CA certificate to the administrator of the individual host.
To view the Certificate Authority details and fingerprint
- On the left, select Security > Hosts.
- At the top, click View Certificate Authority.
- Find the Fingerprint information and click Copy to clipboard.
- Provide this fingerprint information to the host's administrator.