如何使用 ATOS 处理部署在 Google Cloud Platform 上的 DDVE 的新 Google 信任服务证书
Summary: 本文介绍如何处理部署在具有对象存储上的活动层 (ATOS) 的 Google Cloud Platform 上的 Data Domain 系统的新 Google 信任服务证书。
This article applies to
This article does not apply to
This article is not tied to any specific product.
Not all product versions are identified in this article.
Symptoms
Google Cloud Platform 上部署的 DDVE 失去与 Google 存储服务器和用于活动层的 S3 存储区的连接。
如果无法导入新证书,则会阻止 Data Domain 文件系统 (DDFS) 被启用、多次死机并被禁用。
Cause
自 2021 年 3 月起,对于部署在具有对象存储上的活动层 (ATOS) 的 Google Cloud Platform 上的 Data Domain 系统,需要新的 GTS 根 R1 证书,才能连接 Google 存储服务器和用于活动层的 S3 存储桶。
Resolution
以下网页提供了 Google Trust 服务使用的所有证书:
https://pki.goog/
要导入新证书,请执行以下操作:
- 右键单击并保存以下 GTS Root R1 证书:
https://pki.goog/repo/certs/gtsr1.pem - 使用 DDSM Web UI 登录到 Data Domain 系统。
- 选择 Data Management -> File System -> Summary => Modify Object Store“ => Certificate => Add
- 单击Manage Certificates。
- 选择“我想将证书更新为 .pem 文件”选项。
- 浏览并选择“gtsr1.pem”文件。
- 单击 Add。
- 使用命令行验证新证书,如下所示:
sysadmin@dd01# adminaccess cert show Subject Type Application Valid From Valid Until Fingerprint ------------------------- ------------- ----------- ------------------------ ------------------------ ----------------------------------------------------------- dd01.example.com host https Mon Sep 21 09:49:50 2020 Thu Sep 21 16:49:50 2023 00:9C:CC:8A:80:F4:C0:67:5C:67:71:43:6E:D0:FE:C7:80:E5:F8:55 dd01.example.com ca trusted-ca Wed Mar 27 17:38:34 2019 Wed Jan 31 10:48:38 2024 CB:9D:64:39:56:48:FB:58:C6:93:40:FB:29:91:56:9A:BD:08:7A:C8 GTS Root R1 imported-ca cloud Tue Jun 21 17:00:00 2016 Sat Jun 21 17:00:00 2036 E5:8C:1C:C4:91:3B:38:63:4B:E9:10:6E:E3:AD:8E:6B:9D:D9:81:4A GlobalSign imported-ca cloud Fri Dec 15 00:00:00 2006 Wed Dec 15 00:00:00 2021 75:E0:AB:B6:13:85:12:27:1C:04:F8:5F:DD:DE:38:E4:B7:24:2E:FE ------------------------- ------------- ----------- ------------------------ ------------------------ ----------------------------------------------------------- Certificate signing request (CSR) exists at /ddvar/certificates/CertificateSigningRequest.csr
- 删除旧的 GlobalSign 证书。
sysadmin@dd01# adminaccess cert show Subject Type Application Valid From Valid Until Fingerprint ------------------------- ------------- ----------- ------------------------ ------------------------ ----------------------------------------------------------- dd01.example.com host https Mon Sep 21 09:49:50 2020 Thu Sep 21 16:49:50 2023 00:9C:CC:8A:80:F4:C0:67:5C:67:71:43:6E:D0:FE:C7:80:E5:F8:55 dd01.example.com ca trusted-ca Wed Mar 27 17:38:34 2019 Wed Jan 31 10:48:38 2024 CB:9D:64:39:56:48:FB:58:C6:93:40:FB:29:91:56:9A:BD:08:7A:C8 GTS Root R1 imported-ca cloud Tue Jun 21 17:00:00 2016 Sat Jun 21 17:00:00 2036 E5:8C:1C:C4:91:3B:38:63:4B:E9:10:6E:E3:AD:8E:6B:9D:D9:81:4A ------------------------- ------------- ----------- ------------------------ ------------------------ ----------------------------------------------------------- Certificate signing request (CSR) exists at /ddvar/certificates/CertificateSigningRequest.csr
- 如果文件系统已禁用,则启用文件系统。
sysadmin@dd01#filesys enable Resume normal backup operations.
Additional Information
有关 GCP 证书更改的其他详细信息。
https://security.googleblog.com/2021/ —“Google、HTTPS 和设备兼容性”
Affected Products
Data Domain Virtual EditionArticle Properties
Article Number: 000186120
Article Type: Solution
Last Modified: 09 May 2026
Version: 6
Find answers to your questions from other Dell users
Support Services
Check if your device is covered by Support Services.