DDVE deployed on Google Cloud platform will lose connection to Google storage server and S3 buckets used for active tier.
Failure to import the new certificate will prevent the Data Domain file system (DDFS) to be enabled, and panic multiple times and get disabled.
From March 2021, new GTS Root R1 certificate is required for Data Domain system deployed on Google Cloud Platform with Active Tier on Object Storage (ATOS) to connect Google storage server and S3 buckets used for active tier.
The following web page provides all Certificates used by Google Trust services:
https://pki.goog/
To import the new certificate, do the following:
- Right click and save the following GTS Root R1 Certificate:
- Login to Data Domain system via DDSM web UI.
- Select Data Management -> File System -> Summary => Modify Object Store” => Certificate => Add
- Click Manage Certificates.
- Select “I want to update the certificate as .pem file” option.
- Browse and select “gtsr1.pem” file.
- Click Add.
- Verify the new certificate using the command line as follows:
sysadmin@dd01# adminaccess cert show
Subject Type Application Valid From Valid Until Fingerprint
------------------------- ------------- ----------- ------------------------ ------------------------ -----------------------------------------------------------
dd01.example.com host https Mon Sep 21 09:49:50 2020 Thu Sep 21 16:49:50 2023 00:9C:CC:8A:80:F4:C0:67:5C:67:71:43:6E:D0:FE:C7:80:E5:F8:55
dd01.example.com ca trusted-ca Wed Mar 27 17:38:34 2019 Wed Jan 31 10:48:38 2024 CB:9D:64:39:56:48:FB:58:C6:93:40:FB:29:91:56:9A:BD:08:7A:C8
GTS Root R1 imported-ca cloud Tue Jun 21 17:00:00 2016 Sat Jun 21 17:00:00 2036 E5:8C:1C:C4:91:3B:38:63:4B:E9:10:6E:E3:AD:8E:6B:9D:D9:81:4A
GlobalSign imported-ca cloud Fri Dec 15 00:00:00 2006 Wed Dec 15 00:00:00 2021 75:E0:AB:B6:13:85:12:27:1C:04:F8:5F:DD:DE:38:E4:B7:24:2E:FE
------------------------- ------------- ----------- ------------------------ ------------------------ -----------------------------------------------------------
Certificate signing request (CSR) exists at /ddvar/certificates/CertificateSigningRequest.csr
- Remove old GlobalSign Certificate.
sysadmin@dd01# adminaccess cert show
Subject Type Application Valid From Valid Until Fingerprint
------------------------- ------------- ----------- ------------------------ ------------------------ -----------------------------------------------------------
dd01.example.com host https Mon Sep 21 09:49:50 2020 Thu Sep 21 16:49:50 2023 00:9C:CC:8A:80:F4:C0:67:5C:67:71:43:6E:D0:FE:C7:80:E5:F8:55
dd01.example.com ca trusted-ca Wed Mar 27 17:38:34 2019 Wed Jan 31 10:48:38 2024 CB:9D:64:39:56:48:FB:58:C6:93:40:FB:29:91:56:9A:BD:08:7A:C8
GTS Root R1 imported-ca cloud Tue Jun 21 17:00:00 2016 Sat Jun 21 17:00:00 2036 E5:8C:1C:C4:91:3B:38:63:4B:E9:10:6E:E3:AD:8E:6B:9D:D9:81:4A
------------------------- ------------- ----------- ------------------------ ------------------------ -----------------------------------------------------------
Certificate signing request (CSR) exists at /ddvar/certificates/CertificateSigningRequest.csr
- If the file system is disabled, then enable the file system.
sysadmin@dd01#filesys enable
Resume normal backup operations.