Connecting to private S3 endpoint and CRL

[nvdwansem]

Hello,

I've created a case: 07348288

Can someone please confirm that although I've followed https://www.veeam.com/kb4226 to the letter I still need to give my Gateway servers access to *.amazontrust.com?

The whole idea for me to use a private S3 endpoint is to use direct connect and to NOT have my GW's connect to a public url.

[david.domask]

Hi nvdwansem,

With the registry value ObjectStorageTlsRevocationCheck set to 0, the CRL check is ignored and there is no need for a connection to the amazontrust endpoints, as those are used for the certificate revocation list checks, which we're intentionally disabling with this registry value.

I checked the case briefly, and I can see from the notes that the nature of the error indeed changed after applying the registry value (previously it specifically cited it could not perform the CRL check, and after applying the registry value the error changed to a generic validation failure). From the Engineer's notes, I can see a few other errors unrelated to CRL, so please continue working with Support as the issue appears to unrelated to the amazontrust at the moment based on the most recent research.