Veritas NetBackup™ Commands Reference Guide

Last Published:
Product(s): NetBackup (9.0.0.1, 9.0)
  1. Introduction
    1.  
      About NetBackup commands
    2.  
      Navigating multiple menu levels
    3.  
      NetBackup command conventions
    4.  
      NetBackup Media Manager command notes
    5.  
      IPV6 updates
  2. Appendix A. NetBackup Commands
    1.  
      acsd
    2.  
      add_media_server_on_clients
    3.  
      backupdbtrace
    4.  
      backuptrace
    5.  
      bmrc
    6.  
      bmrconfig
    7.  
      bmrepadm
    8.  
      bmrprep
    9.  
      bmrs
    10.  
      bmrsrtadm
    11.  
      bp
    12.  
      bparchive
    13.  
      bpbackup
    14.  
      bpbackupdb
    15.  
      bpcatarc
    16.  
      bpcatlist
    17.  
      bpcatres
    18.  
      bpcatrm
    19.  
      bpcd
    20.  
      bpchangeprimary
    21.  
      bpclient
    22.  
      bpclimagelist
    23.  
      bpclntcmd
    24.  
      bpclusterutil
    25.  
      bpcompatd
    26.  
      bpconfig
    27.  
      bpdbjobs
    28.  
      bpdbm
    29.  
      bpdgclone
    30.  
      bpdown
    31.  
      bpduplicate
    32.  
      bperror
    33.  
      bpexpdate
    34.  
      bpfis
    35.  
      bpflist
    36.  
      bpgetconfig
    37.  
      bpgetdebuglog
    38.  
      bpimage
    39.  
      bpimagelist
    40.  
      bpimmedia
    41.  
      bpimport
    42.  
      bpinst
    43.  
      bpkeyfile
    44.  
      bpkeyutil
    45.  
      bplabel
    46.  
      bplist
    47.  
      bpmedia
    48.  
      bpmedialist
    49.  
      bpminlicense
    50.  
      bpnbat
    51.  
      bpnbaz
    52.  
      bppficorr
    53.  
      bpplcatdrinfo
    54.  
      bpplclients
    55.  
      bppldelete
    56.  
      bpplinclude
    57.  
      bpplinfo
    58.  
      bppllist
    59.  
      bpplsched
    60.  
      bpplschedrep
    61.  
      bpplschedwin
    62.  
      bppolicynew
    63.  
      bpps
    64.  
      bprd
    65.  
      bprecover
    66.  
      bprestore
    67.  
      bpretlevel
    68.  
      bpschedule
    69.  
      bpschedulerep
    70.  
      bpsetconfig
    71.  
      bpstsinfo
    72.  
      bpstuadd
    73.  
      bpstudel
    74.  
      bpstulist
    75.  
      bpsturep
    76.  
      bptestbpcd
    77.  
      bptestnetconn
    78.  
      bptpcinfo
    79.  
      bpup
    80.  
      bpverify
    81.  
      cat_convert
    82.  
      cat_export
    83.  
      cat_import
    84.  
      configureCerts
    85.  
      configureCertsForPlugins
    86.  
      configureMQ
    87.  
      configurePorts
    88.  
      configureWebServerCerts
    89.  
      create_nbdb
    90.  
      csconfig cldinstance
    91.  
      csconfig cldprovider
    92.  
      csconfig meter
    93.  
      csconfig reinitialize
    94.  
      csconfig throttle
    95.  
      duplicatetrace
    96.  
      importtrace
    97.  
      jbpSA
    98.  
      jnbSA
    99.  
      ltid
    100.  
      manageClientCerts
    101.  
      mklogdir
    102.  
      nbauditreport
    103.  
      nbcatsync
    104.  
      NBCC
    105.  
      NBCCR
    106.  
      nbcertcmd
    107.  
      nbcertupdater
    108.  
      nbcldutil
    109.  
      nbcloudrestore
    110.  
      nbcomponentupdate
    111.  
      nbcplogs
    112.  
      nbcredkeyutil
    113.  
      nbdb_admin
    114.  
      nbdb_backup
    115.  
      nbdb_move
    116.  
      nbdb_ping
    117.  
      nbdb_restore
    118.  
      nbdb_unload
    119.  
      nbdb2adutl
    120.  
      nbdbms_start_server
    121.  
      nbdbms_start_stop
    122.  
      nbdc
    123.  
      nbdecommission
    124.  
      nbdelete
    125.  
      nbdeployutil
    126.  
      nbdevconfig
    127.  
      nbdevquery
    128.  
      nbdiscover
    129.  
      nbdna
    130.  
      nbemm
    131.  
      nbemmcmd
    132.  
      nbfindfile
    133.  
      nbfirescan
    134.  
      nbftadm
    135.  
      nbftconfig
    136.  
      nbgetconfig
    137.  
      nbhba
    138.  
      nbholdutil
    139.  
      nbhostidentity
    140.  
      nbhostmgmt
    141.  
      nbhypervtool
    142.  
      nbidpcmd
    143.  
      nbimageshare
    144.  
      nbinstallcmd
    145.  
      nbjm
    146.  
      nbkmiputil
    147.  
      nbkmscmd
    148.  
      nbkmsutil
    149.  
      nboraadm
    150.  
      nborair
    151.  
      nbpem
    152.  
      nbpemreq
    153.  
      nbmlb
    154.  
      nbperfchk
    155.  
      nbplupgrade
    156.  
      nbrb
    157.  
      nbrbutil
    158.  
      nbregopsc
    159.  
      nbreplicate
    160.  
      nbrepo
    161.  
      nbrestorevm
    162.  
      nbseccmd
    163.  
      nbsetconfig
    164.  
      nbsnapimport
    165.  
      nbsnapreplicate
    166.  
      nbsqladm
    167.  
      nbstl
    168.  
      nbstlutil
    169.  
      nbstop
    170.  
      nbsu
    171.  
      nbsvrgrp
    172.  
      resilient_clients
    173.  
      restoretrace
    174.  
      stopltid
    175.  
      tldd
    176.  
      tldcd
    177.  
      tpautoconf
    178.  
      tpclean
    179.  
      tpconfig
    180.  
      tpext
    181.  
      tpreq
    182.  
      tpunmount
    183.  
      verifytrace
    184.  
      vltadm
    185.  
      vltcontainers
    186.  
      vlteject
    187.  
      vltinject
    188.  
      vltoffsitemedia
    189.  
      vltopmenu
    190.  
      vltrun
    191.  
      vmadd
    192.  
      vmchange
    193.  
      vmcheckxxx
    194.  
      vmd
    195.  
      vmdelete
    196.  
      vmoprcmd
    197.  
      vmphyinv
    198.  
      vmpool
    199.  
      vmquery
    200.  
      vmrule
    201.  
      vmupdate
    202.  
      vnetd
    203.  
      vssat
    204.  
      vwcp_manage
    205.  
      vxlogcfg
    206.  
      vxlogmgr
    207.  
      vxlogview
    208.  
      W2KOption
  3.  
    Index

Name

configureWebServerCerts — provides a way to enable the NetBackup domain to support NetBackup or external certificate authorities. Lets the user configure certificates for the NetBackup web server.

SYNOPSIS

configureWebServerCerts -addNBCert

configureWebServerCerts -removeNBCert [-force]

configureWebServerCerts -addExternalCert [-nbHost | -webUI | -all] {[-certPath path_to_certificate_file] [-privateKeyPath path_to_certificate_key_file] [-trustStorePath path_to_CA_certificate_file] [-passphrasePath path_to_passphrase_file]} [-crlCheckLevel DISABLE | LEAF | CHAIN] [-crlPath directory_path_to_CRLs]

configureWebServerCerts -addExternalCert [-nbHost | -webUI] [-copyNbHost | -copyWebUI ]

configureWebServerCerts -removeExternalCert [-nbHost | -webUI | -all] [-force]

configureWebServerCerts -validateExternalCert {[-certPath path_to_certificate_file] [-privateKeyPath path_to_certificate_key_file] [-trustStorePathpath_to_CA_certificate_file] [-passphrasePathpath_to_passphrase_file] [-crlCheckLevel DISABLE | LEAF | CHAIN] [-crlPath directory_path_to_CRLs] [-fmt DETAILS | FAILURES_ONLY]}

 

On UNIX systems, the directory path to this command is /usr/openv/wmc/bin/install/

On Windows systems, the directory path to this command is install_path\NetBackup\wmc\bin\install\

DESCRIPTION

The configureWebServerCerts command provides a way to configure external or NetBackup certificates for the NetBackup web server. A NetBackup web server instance uses the Java Keystore as the repository for security certificates.

You must have root or administrator rights on the master server to run this command.

If you are running this command for the first time, you need to restart the NetBackup Web Management Console service (nbwmc) after you run the command.

If the NetBackup Messaging Broker (nbmqbroker) service is enabled, then you must restart the service after you successfully run the configureWebServerCerts command.

NetBackup does not support Windows certificate store as a source for the NetBackup web server certificates.

This command does not apply to the NetBackup appliance.

OPTIONS

-addExternalCert

Configures an external certificate for the web server.

-addNBCert

Configures the NetBackup certificate authority signed certificate for the web server.

-all

Configures an external certificate for communication between NetBackup hosts as well as with the NetBackup web user interface.

-certPath

Specifies the path to the certificate file. This command does not support the use of Windows certificate store paths.

A certificate file must have a certificate chain with certificates in the correct order. The chain starts with the server certificate, also known as the leaf certificate, followed by zero or more intermediate certificates. The chain must contain all intermediate certificates up to the Root CA certificate but should not contain the Root CA certificate itself. The chain is created such that each certificate in the chain signs the previous certificate in the chain.

The certificate file should be in one of the following formats:

  • PKCS #7 or P7B file that is either DER or PEM encoded that has certificates in the specified order.

  • A file with the PEM certificates that are concatenated together in the specified order.

-copyNbHost

Specifies that web UI communication uses the same certificate that is used for host communication.

-copyWebUI

Specifies that host communication uses the same certificate that is used for web UI communication.

-crlCheckLevel

Specifies the revocation check level for external certificates of the host. You can specify the following values:

  • DISABLE: Revocation check is disabled. Revocation status of the certificate is not validated against the CRL during host communication.

  • LEAF: The revocation status of the leaf certificate is validated against the certificate revocation list (CRL). LEAF is the default value for this option.

  • CHAIN: The revocation status of all certificates in the certificate chain are validated against the CRL.

-crlPath

Specifies the path to the directory where the certificate revocation lists (CRL) of the external CA are located.

-fmt DETAILS | FAILURES_ONLY

Provides details of the validation checks that are run for the external certificate-specific configuration options. The DETAILS option provides a report of all successful and all failed validation checks. The FAILURES_ONLY option provides a report of only the failed checks.

-force

Use the -force option to forcefully remove certificate. After the removal, if there is no certificate configured for the web server, the NetBackup Web Management Console service cannot start.

-nbHost

Configures an external certificate for communication between NetBackup hosts.

-passphrasePath

Specifies the path to the passphrase file that stores the passphrase, which is used to encrypt the private key.

-privateKeyPath

Specifies the path to the private key file of the certificate.

NetBackup supports PKCS #1 and PKCS #8 formatted private keys that are either plain text or encrypted. These may either be PEM or DER encoded. If, however, the key is PKCS #1 encrypted, it must be PEM encoded. For encrypted private keys, NetBackup supports the following encryption algorithms:

  • DES, 3DES, and AES if the private key is in the PKCS #1 format.

  • DES, 3DES, AES, RC2, and RC4 if the private key is in the PKCS #8 format.

-removeExternalCert

Removes the external certificate that you have configured for the web server for communication between NetBackup hosts, the NetBackup web user interface, or both, based on the option you have configured. Use this command with the -nbHost, -webUI, or -all options.

-removeNBCert

Removes the NetBackup certificate that you have configured for the web server for communication between NetBackup hosts as well as with the NetBackup web user interface.

-trustStorePath

Specifies the path to the certificate authority bundle file. The certificate authority bundle file should be in one of the following formats:

  • PKCS #7 or P7B file having certificates of the trusted root certificate authorities that are bundled together. This file may either be PEM or DER encoded.

  • A file containing the PEM encoded certificates of the trusted root certificate authorities that are concatenated together.

-validateExternalCert

Verifies whether the external certificate-specific configurations that are provided are valid or not. It provides a report of successful and failed validation checks.

-webUI

Configures an external certificate for communication with the NetBackup web user interface.

EXAMPLES

Example 1: Configure an external certificate for the web server for NetBackup host communication.

configureWebServerCerts -addExternaCert -nbHost -certPath /root/
example_certs/device.crt -privateKeyPath /root/example_certs/
device.key -trustStorePath /root/example_certs/rootCA.pem
-passphrasePath root/example_certs/PassPhrase.txt

Example 2: Configure an external certificate for the web server for host communication using the certificate that you have configured for communication with web UI.

configureWebServerCerts -addExternalCert -webUI -copyNbHost

Example 3: Remove the external certificates that you have configured for all kinds of communication - web UI and NetBackup host.

configureWebServerCerts -removeExternalCert -all