Important Update: Cohesity Products Knowledge Base Articles
All Cohesity Knowledge Base Articles are now managed via the Cohesity Support Portal: https://support.cohesity.com/s/searchunify. The Knowledge Base articles available here will not reflect the latest information or may no longer be accessible.
Google Cloud Plugin configuration fails with "GenericError: Failed to connect: Server presented certificate that does not match host www.googleapis.com"
Problem
Google Cloud Plugin (GCP) configuration fails with GenericError: Failed to connect: Server presented certificate that does not match host www.googleapis.com
Error Message
Flexsnap.log:
flexsnap-agent: GenericError: Failed to connect: Server presented certificate that does not match host www.googleapis.com: {'crlDistributionPoints': (u'http://crl.pki.goog/GTSGIAG3.crl',), 'subjectAltName': (('DNS', 'google.com'), ('DNS', '*.2mdn.net'), ('DNS', '*.android.com'), ('DNS', '*.appengine.google.com'), ('DNS', '*.au.doubleclick.net'), ('DNS', '*.cc-dt.com'), ('DNS', '*.cloud.google.com'), ('DNS', '*.crowdsource.google.com'), ('DNS', '*.de.doubleclick.net'), ('DNS', '*.doubleclick.com'), ('DNS', '*.doubleclick.net'), ('DNS', '*.fls.doubleclick.net'), ('DNS', '*.fr.doubleclick.net'), ('DNS', '*.g.co'), ('DNS', '*.gcp.gvt2.com'), ('DNS', '*.gcpcdn.gvt1.com'), ('DNS', '*.ggpht.cn'), ('DNS', '*.google-analytics.com'), ('DNS', '*.google.ac'), ('DNS', '*.google.ad'), ('DNS', '*.google.ae'), ('DNS', '*.google.af'),
..............
u'Jul 2 19:12:04 2019 GMT', 'caIssuers': (u'http://pki.goog/gsr2/GTSGIAG3.crt',), 'OCSP': (u'http://ocsp.pki.goog/GTSGIAG3',), 'serialNumber': u'1A30E99B7389A61CD0021D486E84CA10', 'notAfter': 'Sep 24 18:56:00 2019 GMT', 'version': 3L, 'subject': ((('countryName', u'US'),), (('stateOrProvinceName', u'California'),), (('localityName', u'Mountain View'),), (('organizationName', u'Google LLC'),), (('commonName', u'google.com'),)), 'issuer': ((('countryName', u'US'),), (('organizationName', u'Google Trust Services'),), (('commonName', u'Google Internet Authority G3'),))}
Cause
The DNS server is failing to resolve the accurate DNS hostname suffix for googleapis.com.
Solution
Test using another DNS server, as the forwarder may not be resolving the DNS entries correctly. Maybe CloudPoint host is deployed in Azure Cloud in a US region, while the DNS server is located in South America resolving South American DNS suffixes.
The following will change so that CloudPoint containers will use the specified DNS server:
In the below example we are using Google's own DNS:
# vi /etc/docker/daemon.json
{
"dns": ["8.8.8.8"]
}
Then restart the docker service:
# sudo service docker restart
Was this content helpful?
Translated Content
Please note that this document is a translation from English, and may have been machine-translated. It is possible that updates have been made to the original version after this document was translated and published. Veritas does not guarantee the accuracy regarding the completeness of the translation. You may also refer to the English Version of this knowledge base article for up-to-date information.