Data Domain: Certificate Requirement for Configuring Cloud Tier with Google Cloud Storage

Summary: This article outlines the certificate requirements for enabling the Cloud Tier feature on Data Domain systems using Google Cloud Storage. The guidance applies to systems deployed on physical hardware or on-premises virtual platforms running DDOS 6.2 or later. ...

This article applies to This article does not apply to This article is not tied to any specific product. Not all product versions are identified in this article.
Check out other resources

Instructions

In Data Domain Operating System (DDOS) version 6.2, Dell EMC added Cloud Tier support for Google Cloud Services. Data Domain cloud feature allows customer to store long-term retention backups of S3 object storage.
To Configure Cloud Tier support for Google Cloud Services a valid Root CA certificate is required to setup trust between the Data Domain system and Google Cloud Storage account.

The following web page provides all Certificates used by Google Trust services:
https://pki.goog/

Initially Google Storage Services were configured with GlobalSign R2 Root Certificates:
This Certificate was valid until December  15, 2021.

From December 15th, 2021 onwards, the new GTS Root R1 Certificate is required for continuous access to Google Cloud Services.

If the new GTS Root R1 Certificate is NOT imported before December  15, 2021Data Domain system Cloud unit will go to DISCONNECTED state and all data-movement operations on the system will fail.

To import the certificate, do the following: 

  1. Right click and save the following GTS Root R1 Certificate:
  1. Log in to Data Domain system using DDSM web UI
  2. Select Data Management -> File System -> Cloud Units
  3. Click Manage Certificates
  4. Select "I want to update the certificate as .pem file" option
  5. Browse and select the "gtsr1.pem" file.
  6. Click Add.
  7. Verify the new certificate using the CLI command line as follows:
    • # adminaccess cert show
    • Subject                     Type            Application   Valid From                 Valid Until                Fingerprint
-------------------------   -------------   -----------   ------------------------   ------------------------   -----------------------------------------------------------
dd01.example.com             host            https         Mon Sep 21 09:49:50 2020   Thu Sep 21 16:49:50 2023   00:9C:CC:8A:80:F4:C0:67:5C:67:71:43:6E:D0:FE:C7:80:E5:F8:55
dd01.example.com             ca              trusted-ca    Wed Mar 27 17:38:34 2019   Wed Jan 31 10:48:38 2024   CB:9D:64:39:56:48:FB:58:C6:93:40:FB:29:91:56:9A:BD:08:7A:C8
GTS Root R1                 imported-ca     cloud         Tue Jun 21 17:00:00 2016   Sat Jun 21 17:00:00 2036   E5:8C:1C:C4:91:3B:38:63:4B:E9:10:6E:E3:AD:8E:6B:9D:D9:81:4A
GlobalSign                  imported-ca     cloud         Fri Dec 15 00:00:00 2006   Wed Dec 15 00:00:00 2021   75:E0:AB:B6:13:85:12:27:1C:04:F8:5F:DD:DE:38:E4:B7:24:2E:FE
-------------------------   -------------   -----------   ------------------------   ------------------------   -----------------------------------------------------------
Certificate signing request (CSR) exists in /ddvar/certificates/CertificateSigningRequest.csr

 

  1. Remove the old GlobalSign Certificate.
    • # adminaccess certificate delete subject <subject name>
  1. If the cloud unit is already in a disconnected state, arrange for downtime and restart File system:
      #filesys restart
      # Cloud unit list
    1. Resume all required data-movement operations.

    Affected Products

    Data Domain

    Products

    Data Domain, DD OS 6.2
    Article Properties
    Article Number: 000012968
    Article Type: How To
    Last Modified: 10 Nov 2025
    Version:  4
    Find answers to your questions from other Dell users
    Support Services
    Check if your device is covered by Support Services.