如何处理部署在具有对象存储上的活动层 (ATOS) 的 Google Cloud Platform 上的 Data Domain 系统 (DDVE) 的新 Google 信任服务证书
Summary: 本文介绍如何处理部署在具有对象存储上的活动层 (ATOS) 的 Google Cloud Platform 上的 Data Domain 系统的新 Google 信任服务证书。
This article applies to
This article does not apply to
This article is not tied to any specific product.
Not all product versions are identified in this article.
Symptoms
部署在 Google Cloud Platform 上的 DDVE 将失去与 Google 存储服务器和用于活动层的 S3 存储区的连接。
未能导入新证书将阻止 Data Domain 文件系统 (DDFS) 被启用、多次死机和被禁用。Cause
自 2021 年 3 月起,部署在具有对象存储上的活动层 (ATOS) 的 Google Cloud Platform 上的 Data Domain 系统需要新的 GTS 根 R1 证书,以连接 Google 存储服务器和用于活动层的 S3 存储桶。
Resolution
以下网页提供了 Google 信任服务使用的所有证书:
https://pki.goog/
要导入新证书,请执行以下作:
- 右键单击并保存以下 GTS Root R1 证书:
- 通过 DDSM Web UI 登录到 Data Domain 系统。
- 选择 Data Management -> File System -> Summary => Modify Object Store“ => Certificate => Add
- 单击Manage Certificates。
- 选择“我想将证书更新为 .pem 文件”选项。
- 浏览并选择“gtsr1.pem”文件。
- 单击 Add。
- 使用命令行验证新证书,如下所示:
sysadmin@dd01# adminaccess cert show
Subject Type Application Valid From Valid Until Fingerprint
------------------------- ------------- ----------- ------------------------ ------------------------ -----------------------------------------------------------
dd01.example.com host https Mon Sep 21 09:49:50 2020 Thu Sep 21 16:49:50 2023 00:9C:CC:8A:80:F4:C0:67:5C:67:71:43:6E:D0:FE:C7:80:E5:F8:55
dd01.example.com ca trusted-ca Wed Mar 27 17:38:34 2019 Wed Jan 31 10:48:38 2024 CB:9D:64:39:56:48:FB:58:C6:93:40:FB:29:91:56:9A:BD:08:7A:C8
GTS Root R1 imported-ca cloud Tue Jun 21 17:00:00 2016 Sat Jun 21 17:00:00 2036 E5:8C:1C:C4:91:3B:38:63:4B:E9:10:6E:E3:AD:8E:6B:9D:D9:81:4A
GlobalSign imported-ca cloud Fri Dec 15 00:00:00 2006 Wed Dec 15 00:00:00 2021 75:E0:AB:B6:13:85:12:27:1C:04:F8:5F:DD:DE:38:E4:B7:24:2E:FE
------------------------- ------------- ----------- ------------------------ ------------------------ -----------------------------------------------------------Certificate signing request (CSR) exists at /ddvar/certificates/CertificateSigningRequest.csr
Subject Type Application Valid From Valid Until Fingerprint
------------------------- ------------- ----------- ------------------------ ------------------------ -----------------------------------------------------------
dd01.example.com host https Mon Sep 21 09:49:50 2020 Thu Sep 21 16:49:50 2023 00:9C:CC:8A:80:F4:C0:67:5C:67:71:43:6E:D0:FE:C7:80:E5:F8:55
dd01.example.com ca trusted-ca Wed Mar 27 17:38:34 2019 Wed Jan 31 10:48:38 2024 CB:9D:64:39:56:48:FB:58:C6:93:40:FB:29:91:56:9A:BD:08:7A:C8
GTS Root R1 imported-ca cloud Tue Jun 21 17:00:00 2016 Sat Jun 21 17:00:00 2036 E5:8C:1C:C4:91:3B:38:63:4B:E9:10:6E:E3:AD:8E:6B:9D:D9:81:4A
GlobalSign imported-ca cloud Fri Dec 15 00:00:00 2006 Wed Dec 15 00:00:00 2021 75:E0:AB:B6:13:85:12:27:1C:04:F8:5F:DD:DE:38:E4:B7:24:2E:FE
------------------------- ------------- ----------- ------------------------ ------------------------ -----------------------------------------------------------Certificate signing request (CSR) exists at /ddvar/certificates/CertificateSigningRequest.csr
- 删除旧的 GlobalSign证书。
sysadmin@dd01# adminaccess cert show
Subject Type Application Valid From Valid Until Fingerprint
------------------------- ------------- ----------- ------------------------ ------------------------ -----------------------------------------------------------
dd01.example.com host https Mon Sep 21 09:49:50 2020 Thu Sep 21 16:49:50 2023 00:9C:CC:8A:80:F4:C0:67:5C:67:71:43:6E:D0:FE:C7:80:E5:F8:55
dd01.example.com ca trusted-ca Wed Mar 27 17:38:34 2019 Wed Jan 31 10:48:38 2024 CB:9D:64:39:56:48:FB:58:C6:93:40:FB:29:91:56:9A:BD:08:7A:C8
GTS Root R1 imported-ca cloud Tue Jun 21 17:00:00 2016 Sat Jun 21 17:00:00 2036 E5:8C:1C:C4:91:3B:38:63:4B:E9:10:6E:E3:AD:8E:6B:9D:D9:81:4A
------------------------- ------------- ----------- ------------------------ ------------------------ -----------------------------------------------------------
证书签名请求 (CSR) 存在于 /ddvar/certificates/CertificateSigningRequest.csr
Subject Type Application Valid From Valid Until Fingerprint
------------------------- ------------- ----------- ------------------------ ------------------------ -----------------------------------------------------------
dd01.example.com host https Mon Sep 21 09:49:50 2020 Thu Sep 21 16:49:50 2023 00:9C:CC:8A:80:F4:C0:67:5C:67:71:43:6E:D0:FE:C7:80:E5:F8:55
dd01.example.com ca trusted-ca Wed Mar 27 17:38:34 2019 Wed Jan 31 10:48:38 2024 CB:9D:64:39:56:48:FB:58:C6:93:40:FB:29:91:56:9A:BD:08:7A:C8
GTS Root R1 imported-ca cloud Tue Jun 21 17:00:00 2016 Sat Jun 21 17:00:00 2036 E5:8C:1C:C4:91:3B:38:63:4B:E9:10:6E:E3:AD:8E:6B:9D:D9:81:4A
------------------------- ------------- ----------- ------------------------ ------------------------ -----------------------------------------------------------
证书签名请求 (CSR) 存在于 /ddvar/certificates/CertificateSigningRequest.csr
- 如果文件系统已禁用,则启用文件系统。
sysadmin@dd01#filesys enable
恢复正常备份作。 Additional Information
有关 GCP 证书更改的其他详细信息。
https://security.googleblog.com/2021/ —“Google、HTTPS 和设备兼容性”
https://security.googleblog.com/2021/ —“Google、HTTPS 和设备兼容性”
Affected Products
Data Domain Virtual EditionArticle Properties
Article Number: 000186120
Article Type: Solution
Last Modified: 14 Dec 2021
Version: 4
Find answers to your questions from other Dell users
Support Services
Check if your device is covered by Support Services.