Forum Discussion

miketduffy's avatar
miketduffy
Level 3
6 years ago

Client Certificate Expired

Hi, 

Backup failed on server with;

Error bpbrm (pid=15908) [PROXY] Received status: 7625 with message A SSL connect failed. Status: 1 Msg: certificate verify failed

I checked the client and

/usr/openv/netbackup/bin/nbcertcmd -listCertDetails

Expiry Date : Sep 26 07:12:38 2019 GMT

 

Does anyone know who to update/refresh this? I have tried everything offered so far and nothing updates it

 

Thanks

 

 

  • miketduffy's avatar
    miketduffy
    6 years ago

    Thanks for all the suggestions but it appears it was as easy as this to fix;

     

    It is necessary to adjust the Master Server's CLIENT_NAME parameter to match the value displayed in the Host column of the Host Management table.

    Once done, attempts to add new clients or media servers should no longer result in EXIT STATUS 5987.

     

    So edited bp.conf and removed the domain name. ran the nbcertcmd again and all fixed

     

    Thanks again

    • miketduffy's avatar
      miketduffy
      Level 3

      Hi

       

      I had tried that and get this error 

       

      Host certificate and certificate revocation list already exist for master server [brprdnbu001.iggroup.local]

      • Krutons's avatar
        Krutons
        Moderator

        Here is what I would suggest doing.

        Go to Certificate Management under Security Management in the Admin Console.
        Revoke the cert for the client you are having issues with.

        On the client, run the following.
        nbcertcmd -listCACertDetails
        Copy the SHA1 Fingerprint and paste it in the next command
        nbcertcmd -removeCACertificate -fingerPrint <paste here>
        nbcertcmd -deleteAllCertificates
        nbcertcmd -getCACertificate -server <master server>

        Now generate a reissue token in the Admin Console for this client and copy that token, you will use it in the next command.

        nbcertcmd -getCertificate -server <master server> -token

        Paste the token when asked for it.

        Now refresh the Host Management tab in the Admin Console and verify that there is now a green lock next to this client name.
        Also, refresh the Certificate Mangement tab in the Admin Console and verify that the client now shows active.