Ransomware attackers specifically target and attempt to destroy backup systems to increase the probability of payment. Hardening your system is critical. Please ensure you have reviewed your platform security using the Security Hardening Checklist
Cohesity

COHESITY Documentation

Explore our documentation to get started, discover products & new features, access troubleshooting guides, register sources, platforms support.

Products
Data Security Alliance
Visit Cohesity.com
Demos
Support
Blogs
Developers
Partner Portals
Cohesity Community
© 2026 Cohesity, Inc. All Rights Reserved.
Terms of Use|
Privacy Policy|
Legal|
  1. Home
  2. NetBackup and NetBackup Appliances Hardening Guide
  3. Steps to protect NetBackup Flex Scale
  4. Deploying external certificates on NetBackup Flex Scale
  5. Deploying ECA using the GUI
NetBackup and NetBackup Appliances Hardening Guide

Deploying ECA using the GUI

You can perform all external certificates related operations from the Settings > Security Management > Certificates tab.

  • Upload certificate

  • View certificate request

  • Generate certificate request

To deploy ECA using the GUI

  1. Go to the Settings > Security Management > Certificates tab.
  2. Click Generate certificate request and fill out the form. The SAN field is filled with default SAN entries that are mandatory for the configuration. For standard default configuration, it has the FQDN entries for all the storage servers, NetBackup primary FQDN, console IP and API gateway FQDN.
  3. Click Generate to generate a certificate request.

    The CSR is used to generate certificate. This certificate along with the CA bundle (Root CA + Intermediate CA) should be uploaded on the upload page.

  4. Click Copy to copy the certificate request. This has to be given to a CA signing authority who uses this to generate a certificate. CA signing authority will provide a certificate along with the root certificate and intermediate certificate used to generate the certificate. Authority may also provide a CRL file.
  5. Go to Certificates > Upload certificate to upload the certificate artifacts. For a fresh deployment, both the certificate and CA certificate bundle are mandatory. CRL is optional. For renewal, any one of the three are required.

    Both the certificate and CA bundle must be a .PEM file. The CA bundle .PEM file should contain entries for all the CA certificates from root to intermediate till the immediate parent of the leaf certificate.

  6. After the certificate is uploaded, Save gets enabled. Click Save. The deployment is initiated.

    After deployment is successfully completed for all components, the GUI restarts with the uploaded external certificate.

You can verify the browser certificate from the GUI to verify that it is the same one that was used during deployment.

Feedback

Was this page helpful?
Previous

Deploying external certificates on NetBackup Flex Scale

Next

Log locations

Feedback

Was this page helpful?