Ransomware attackers specifically target and attempt to destroy backup systems to increase the probability of payment. Hardening your system is critical. Please ensure you have reviewed your platform security using the Security Hardening Checklist
Cohesity

COHESITY Documentation

Explore our documentation to get started, discover products & new features, access troubleshooting guides, register sources, platforms support.

Products
Data Security Alliance
Visit Cohesity.com
Demos
Support
Blogs
Developers
Partner Portals
Cohesity Community
© 2026 Cohesity, Inc. All Rights Reserved.
Terms of Use|
Privacy Policy|
Legal|
  1. Home
  2. NetBackup and NetBackup Appliances Hardening Guide
  3. Steps to protect Access Appliance
  4. About system certificates on Access Appliance
NetBackup and NetBackup Appliances Hardening Guide

About system certificates on Access Appliance

Access Appliance supports one certificate for all services (GUI and Object Access). The certificate can be internal or external. The Appliance CA creates the internal certificate. Any CA can create the external certificate using a CSR generated using the Access Appliance GUI. The admin user can get the CA certificate, information about the certificate mode, and expiration using the system certificate show command. The CA certificate can also be downloaded using the GUI by navigating to Settings > Security Management > Certificates.

The admin user can change the certificate mode using the system certificate mode set command. Or you can navigate to Settings > Security Management > Certificates in the GUI.

After changing the certificate mode, the admin user should restart all the services to start using the new certificate. The admin user can restart the Object Access service using the following commands:

ObjectAccess> server stop
ObjectAccess> server start

The admin user can restart the GUI service by navigating to System > guidisable and System > guienable. You can use the system certificate mode show command to get the system certificate mode.

Internal Certificates

If the system certificate mode is set to internal, the certificate that is signed by the Access Appliance CA is used for all the Object Access and GUI services. The admin user has to renew the certificate if the Object Access endpoints get changed using system certificate renew command. After the certificate is renewed, the admin user must restart Object Access and GUI service.

Note:

The system certificate renew command can be used only when the certificate mode is set to internal.

Note:

You must update the clients trust-store with CA certificate to secure connection.

Feedback

Was this page helpful?
Previous

Configuring immutability using GUI

Next

About external certificates on Access Appliance

Feedback

Was this page helpful?