Data Domain: Certificate Error while adding Cloud Unit

Summary: When adding a Cloud Unit to a Data Domain system using System Manager, a certificate validation error may occur due to missing or outdated root CA certificates.

This article applies to This article does not apply to This article is not tied to any specific product. Not all product versions are identified in this article.
Check out other resources

Symptoms

Attempting to add a Cloud Unit in Data Domain System Manager results in the following error:

  • Cloud Verification Failed at Connectivity Check: Validating certificate
  • For example:
Example of error encountered when adding Cloud unit

Cause

The error occurs because the required root CA certificates for the cloud provider are not present or are outdated. According to the Data Domain Administration Guide, the prerequisites for configuring or adding a Cloud Unit include:

  • Proper network configuration (firewall and proxy settings)
  • Importing the correct CA certificates
  • Adding the Cloud Unit

Resolution

1. Download Required Certificates.

For each cloud provider, download the appropriate root CA certificates:

  • AWS:

    • Baltimore CyberTrust Root Certificate
    • Note: Also download and import the Starfield Class 2 Certificate released in March 2021.
    • Refer to this KB article for handling AWS S3 certificate changes.

  • Virtustream:

    • Download the DigiCert High Assurance EV Root CA Certificate from DigiCert.

  • ECS:

    • Root CA certificates vary by customer.
    • If using an HTTPS endpoint, ensure that the root CA certificate from your load balancer provider is imported.

  • Azure:

    • Download the Baltimore CyberTrust Root Certificate.
    • Note: Starting February 2022, additional certificates are required.
    • Refer to this KB article for handling Azure TLS certificate changes.
    • Video: Azure Certificate update

  • S3 Flexible Providers:

    • Import the root CA certificate provided by your S3 Flexible provider.

2. Convert Certificate to PEM Format (if needed)

If the downloaded certificate has a .crt extension, convert it to PEM format using OpenSSL:

openssl x509 -inform der -in BaltimoreCyberTrustRoot.crt -out BaltimoreCyberTrustRoot.pem

3. Import Certificate using Data Domain System Manager

  1. Navigate to:
    Data Management > File System > Cloud Units

  2. Click Manage Certificates in the toolbar.

  3. In the Manage Certificates for Cloud dialog, click Add.

  4. Choose one of the following options:

    • Upload a .pem file: Browse and select the certificate file.
    • Copy and paste the certificate text:
      • Open the .pem file in a text editor.
      • Copy the contents and paste them into the dialog.

  5. Click Add to complete the import.

    The below Video provides a Demo on How to import a legacy Baltimore certificate for Azure Cloud Provider and Integrate Data Domain with it.

    Watch on YouTube.

    Additional Information

    Reference: Dell PowerProtect Data Domain Core Documents

    • Administration guides are available for each DDOS version

    Affected Products

    Data Domain
    Article Properties
    Article Number: 000056159
    Article Type: Solution
    Last Modified: 17 Oct 2025
    Version:  6
    Find answers to your questions from other Dell users
    Support Services
    Check if your device is covered by Support Services.