Ransomware attackers specifically target and attempt to destroy backup systems to increase the probability of payment. Hardening your system is critical. Please ensure you have reviewed your platform security using the Security Hardening Checklist
Cohesity

COHESITY Documentation

Explore our documentation to get started, discover products & new features, access troubleshooting guides, register sources, platforms support.

Products
Data Security Alliance
Visit Cohesity.com
Demos
Support
Blogs
Developers
Partner Portals
Cohesity Community
© 2026 Cohesity, Inc. All Rights Reserved.
Terms of Use|
Privacy Policy|
Legal|
  1. Home
  2. NetBackup™ Self Service Configuration Guide
  3. Configuring a NetBackup primary server
  4. Enabling communication with a NetBackup primary server using the REST API
NetBackup™ Self Service Configuration Guide

Enabling communication with a NetBackup primary server using the REST API

NetBackup Self Service can use the NetBackup REST API for some communication with the primary server. Your NetBackup server must be version 8.1.2 or higher.

Basic Setup

To enable communication using the REST API

  1. Log on to NetBackup Self Service as an administrator and navigate to the Backup Servers page. Select the appropriate backup server.
  2. Fill in the details in the REST API Connection section.

    A background task automatically examines the connectivity with the backup server.

  3. Once the job has completed, click the status icon to open connectivity summary screen
  4. Review that the REST API has been contacted successfully.
Multifactor authentication (for NetBackup 10.3 and later)

To enable multifactor authentication

  1. The NetBackup administrator must create a NetBackup Self Service user with RBAC security shown:
    • The account requires a role with at least View Protection Plans, Manage Protection Plans, View Assets, Manage Assets, Recover/Restore, and View Jobs.

    • It also requires an object group with access to all Assets, and all Protection plans.

  2. For the user you created, generate an API key and save the API key and API key tag. Cohesity recommends that the user have one year Validity.
  3. In NetBackup Self Service use the saved API Key & API key Tag to access the REST API.
Credentials (for pre-NetBackup 10.3)

By default NetBackup Self Service uses the same credentials to access the REST API as it uses to access the CLI. If you want to use a different account and RBAC security, the account requires a role with at least View Protection Plans, Manage Protection Plans, View Assets, Manage Assets, Recover/Restore, and View Jobs. It also requires an object group with access to all Assets, and all Protection plans.

Certificates

Communication with the NetBackup REST API is over HTTPS. HTTPS requires a trust relationship to exist between the client and the server. In this instance the client is the NetBackup Self Service web server or Task engine server, and the server is the NetBackup primary server. The trust relationship is established using a certificate.

You have three options for the certificate:

  1. The primary server uses a certificate that is issued from a trusted certificate authority.

    The NetBackup Self Service web server has the trust of the https connection and no other actions are necessary.

  2. The primary server certificate is either from a private certificate authority, or a self-signed certificate. You must install the certificate authority certificate manually in the trusted certificate store of the web server and task engine server. See To install the Certificate Authority certificate from the primary server onto the NetBackup Self Service web server or Task Engine server for more information.

  3. Ignore certificate errors.

    • Go into NetBackup Self Service as an administrator and navigate to the Backup Servers page.

    • Select the backup server. Click Show Advanced Settings. In the REST API Connection section review Ignore Certificate Errors, and save changes.

      This choice is a good option to use when first setting up the REST API, as it eliminates one source of problems. However, once the REST API connection works, you should only use trusted certificates. Once trusted certificates are established, clear the 'Ignore Certificate Errors' option.

Installing a Trusted Certificate Authority Certificate

To install the Certificate Authority certificate from the primary server onto the NetBackup Self Service web server or Task Engine server

  1. In NetBackup Self Service:
    • In the Backup Servers page, select the backup server. Click the status icon, to open the configuration summary screen.

    • In the REST Connection Status section, click to download the primary server's certificate onto your computer.

  2. In Windows Explorer, on the appropriate NetBackup Self Service server:
    • Locate the certificate and right-click to open it.

    • Review the certificate to ensure that it is correct.

    • Click Install Certificate....

      • Select the Local Machine store location.

      • Browse to the certificate store Trusted Root Certification Authorities and select OK.

      • Select Next.

      • Select Finish.

  3. This process installs the primary server's Certificate Authority certificate on the NetBackup Self Service server. The server now trusts the primary server certificate.
  4. Return to NetBackup Self Service and in the Backup Servers page, select the backup server. Ensure that the Ignore Certificate Errors option is cleared.
  5. Run the connectivity check. Verify that you can still connect to the backup server.

Feedback

Was this page helpful?
Previous

Enabling communication with a NetBackup appliance

Next

Creating NetBackup Template Policies

Feedback

Was this page helpful?