Skip to main content
  • Place orders quickly and easily
  • View orders and track your shipping status
  • Enjoy members-only rewards and discounts
  • Create and access a list of your products
  • Manage your Dell EMC sites, products, and product-level contacts using Company Administration.

PowerScale: Google Certificates nearing expiration alerts

Summary: On December 15, 2021, there is a refresh to the Google certificate authority that we use within OneFS.

This article may have been automatically translated. If you have any feedback regarding its quality, please let us know using the form at the bottom of this page.

Article Content


As of November 15, 2021, OneFS alerts that Google Root certificates are expiring on December 15, 2021.   

CELOG alerts display: 
Certificate 'GoogleInternetAuthority_G3' in 'system_ca' store is nearing expiration: <Date/Time>.

This impacts the following Certificate Authorities: 

Use the following command to see the expiring authorities: 
# isi certificate authority list | grep expir

When the CAs expire on December 15, 2021, CELOG will send a critical alert that the certificate has expired. This can be treated in the same manner as the above nearing expiration events.


This is due to a timestamp that Google has to refresh or renew in its root certificates. The CELOG warning alert is set to trigger one month ahead of expiration, and a critical alert may trigger at the time of expiration.  
These certificate authorities were used for Google CloudPools configurations, however all clusters alert for the expiring authority.


The expiring certificate authorities (CA) are no longer being used by Google per the following release

Check if you are using a Google Cloud account: 
# isi cloud account list

If you are not using CloudPools in any way, or are using CloudPools with a service other than Google Cloud as your object store provider, then it is safe to remove these five certificates. 

If you are using Google Cloud as your Object Store provider and your cloud provider URI is "", then it is safe to remove these five certificates. 
If you are using Google Cloud and it is using a URI other than "", contact your object store provider to ensure they have updated the TLS certificates before removing the five expiring certificates from the cluster.

To remove the expiring CAs, use the following commands: 
# isi certificate authority delete GoogleInternetAuthority_G4
# isi certificate authority delete GoogleTrustServices_CA_1O1
# isi certificate authority delete GoogleInternetAuthority_G3
# isi certificate authority delete GlobalSign-Root-R2
# isi certificate authority delete GoogleTrustServices_CA_1D2

Article Properties

Affected Product

PowerScale OneFS

Last Published Date

04 Feb 2022



Article Type