Ransomware attackers specifically target and attempt to destroy backup systems to increase the probability of payment. Hardening your system is critical. Please ensure you have reviewed your platform security using the Security Hardening Checklist
Cohesity

COHESITY Documentation

Explore our documentation to get started, discover products & new features, access troubleshooting guides, register sources, platforms support.

Products
Data Security Alliance
Visit Cohesity.com
Demos
Support
Blogs
Developers
Partner Portals
Cohesity Community
© 2026 Cohesity, Inc. All Rights Reserved.
Terms of Use|
Privacy Policy|
Legal|
  1. Home
  2. NetBackup and NetBackup Appliances Hardening Guide
  3. Steps to protect Access Appliance
  4. Configuring user authentication using digital certificates or smart cards
NetBackup and NetBackup Appliances Hardening Guide

Configuring user authentication using digital certificates or smart cards

You can configure NetBackup to authenticate users with a smart card or a digital certificate. After configuration, the users can use the Sign in with certificate or smart card option to sign in to NetBackup UI using smart cards or digital certificates.

Before you configure user authentication using smart cards or digital certificates, note the following:

  • Digital certificate or smart card authentication can be configured for LDAP, AD, and local users.

  • To authenticate LDAP users using digital certificate or smart card, ensure that LDAP is configured. Go to Settings > Directory Services management and click Configure to configure LDAP, if not already done so. For details about how to configure LDAP:

    See About configuring LDAP settings.

    See Configuring LDAP server settings.

  • To authenticate AD users using digital or smart, ensure that AD is configured. Go to Settings > Directory Services management and click Configure to configure AD, if not already done so. For details about how to configure AD:

    See Configuring AD server settings.

  • To authenticate local users using digital or smart card, ensure that you create a local user. Go to Settings > User management > Add.

  • Smart card authentication requires a list of trusted root or intermediate CA certificates. You must add the CA certificates that are associated with the user digital certificates or the user smart cards.

To configure NetBackup to authenticate users with a certificate or smart card:

  1. Log in to NetBackup UI.
  2. In the left navigation pane, click Settings > Security management, and then click Smart card authentication.
  3. Use the slider to turn on smart card authentication.
  4. In the Configure smart card authentication dialog box, specify the following options:
    • In the user authentication domain list:

      • For local user select none.

      • For an AD user, select the configured AD server.

      • For an LDAP user, select the configured LDAP server.

    • Click Common name to select the common mapping attribute.

    • Optionally, enter the Online Certificate Status Protocol (OCSP) URI. OSCP is used for checking the validity of the certificate.

      If you do not provide the OCSP URI, the URI in the user certificate is used.

  5. Click Save.
  6. To the right of CA certificates click Add.
  7. Click Browse to select the CA certificate or drag and drop the CA certificate and click Add.

    Certificates must be in PEM format, with certificate file type as .pem. Only one certificate can be added at a time. The web server is restarted after adding the certificate.

    The selected CA certificate is displayed under CA certificates.

  8. Upload the client certificate to the browser's certificate store. See the browser documentation for importing client certificates.

The users can now use the Sign in with certificate or smart card option to sign in to the NetBackup UI. LDAP users with Appliance administrator role have access to all the settings in the UI. LDAP users that do not have this role can only create S3 keys. AD users with Appliance administrator role have access to all the settings in the UI. AD users that do not have this role can only create S3 keys. Local users with Appliance administrator role have access to all the settings in the UI. Local users that do not have this role have access only to change password screen.

Feedback

Was this page helpful?
Previous

Limitations and log locations

Next

Adding CA certificates for smart card authentication

Feedback

Was this page helpful?