04-15-2019 07:50 PM
Hey All,
Have had S3 compatible storage setup for a while, and it has worked well. Twice we have had an issue where it states - "Cant connect to open storage" - last time resulted in a reinstall but that's not working this time. We have ruled out any connectivity issues as we can use other tools to connect to it.
We can see in a packet capture that indeed it is connecting, but our server is stating invalid CA and shutting the connection. I have tried installing the root certificates for the site it is connecting to with no luck. But this begs the question, why did it just stop working and how can we fix it? I have a support case open at Veritas to which I haven't had a lot of response yet. Really need to get this working in the next couple of days.
04-16-2019 09:21 PM
Still haven't had any luck with our support case - we are just going around in circles and not really getting any pleasure from 1st level support. In fact, I requested it to be escalated as the tech didn't understand the relevance of the packet capture and still can't even get this. So painful every time we lodge a case, and at this stage we may be forced to move to another product. Given this had been working for months prior, it seems odd for it to just stop working. I've uploaded an image of the capture in case anyone has any ideas.
Not sure if any Veritas employees still lurk on these forums, but if so it would be helpful for you to look at my case 190205000092. Apologies for the few choice words I used in some of my requests.
04-16-2019 09:22 PM
Added image of storage error
04-16-2019 10:29 PM
Refer to this NBU doc. See if it helps. BE also looks into the cacert file for known certs. You can append the one which is not present in the BE cacert file as per the document below.
https://www.veritas.com/support/en_US/article.100032993
If you want to confirm the cURL error: 60, you can start SGMON (select beserver. SGMON is located at BE Install Path\ ) and then restart the BE services to confirm if the same error is coming in BE.
04-17-2019 04:25 PM
Excellent - Thank you so much for that. SGMON does indeed show the curl error and states that there is a self signed certificate in the chain. See output attached. Just need some direction on where to from here - obviously I can add the root certificates to the cacerts file - but the question is which ones.... I know the provider uses Comodo certs.
Cheers
04-17-2019 07:02 PM
When I googled the curl error, I found a link to https://curl.haxx.se/ca/cacert.pem which contains the latest root certs, etc. I replaced the one in BE's directory with the new one, and the debug shows that it is now connecting. Just testing a job, then we will be happy.
Cheers for the help.
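Added example, not part of any post in this thread: when a CA bundle is replaced wholesale as described above, diffing the old and new files by certificate fingerprint shows exactly which roots the swap adds or removes. The sample bundles are constructed placeholders rather than real certificates, and the label parsing assumes the name-then-`====` layout that curl's cacert.pem uses.

```python
import base64
import hashlib
import re

PEM_BLOCK = re.compile(
    r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.DOTALL)

def _label(preceding):
    """Nearest name line above a block; informational only, never trusted."""
    for line in reversed(preceding.splitlines()):
        line = line.strip()
        if not line or set(line) == {"="}:
            continue  # skip blank lines and the ==== underline
        return "(unlabelled)" if line.startswith("-----") else line
    return "(unlabelled)"

def bundle_fingerprints(pem_text):
    """Map SHA-256 fingerprint of each DER blob -> its label in the bundle."""
    certs = {}
    for m in PEM_BLOCK.finditer(pem_text):
        der = base64.b64decode("".join(m.group(1).split()))
        certs[hashlib.sha256(der).hexdigest()] = _label(pem_text[:m.start()])
    return certs

def diff_bundles(old_pem, new_pem):
    """Return (added, removed) as fingerprint -> label dictionaries."""
    old, new = bundle_fingerprints(old_pem), bundle_fingerprints(new_pem)
    added = {fp: new[fp] for fp in new.keys() - old.keys()}
    removed = {fp: old[fp] for fp in old.keys() - new.keys()}
    return added, removed

def _fake_pem(name, payload):
    """Constructed sample entry: arbitrary bytes, not a real certificate."""
    body = base64.encodebytes(payload).decode()
    return (f"{name}\n{'=' * len(name)}\n-----BEGIN CERTIFICATE-----\n"
            f"{body}-----END CERTIFICATE-----\n\n")

# Constructed stand-ins for the existing bundle and its replacement.
OLD_BUNDLE = (_fake_pem("Constructed Root A", b"root-a-der")
              + _fake_pem("Constructed Root B", b"root-b-der"))
NEW_BUNDLE = (_fake_pem("Constructed Root A", b"root-a-der")
              + _fake_pem("Constructed Root C", b"root-c-der"))

if __name__ == "__main__":
    added, removed = diff_bundles(OLD_BUNDLE, NEW_BUNDLE)
    for fp, name in sorted(added.items(), key=lambda kv: kv[1]):
        print(f"+ {name}  sha256={fp}")
    for fp, name in sorted(removed.items(), key=lambda kv: kv[1]):
        print(f"- {name}  sha256={fp}")
```

To use it on real files, read the old and new bundle contents as text and pass them to `diff_bundles`; keeping a copy of the old file makes the change easy to review and roll back.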
04-17-2019 08:50 PM