Article ID: 293542
Issue/Introduction
Symptoms:
The following TLS error appears when configuring the BOSH Director S3 Blobstore.
SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed (OpenSSL::SSL::SSLError) Unable to verify certificate. This may be an issue with the remote host or with Excon. Excon has certificates bundled, but these can be customized:
Cause
When you click Save on the Director config page, Operations Manager performs several validations to verify that all the settings are correct. This helps prevent deployment failures caused by misconfiguration.
As part of this, Operations Manager validates the configured S3 store, which includes making a connection to test, among other things, the SSL certificate returned by the remote server. Even though the Operator has configured the required public CA cert in the trusted certificates field, Operations Manager does not use the trusted certificates, and the connection fails.
Resolution
To work around this, Operators can install the public CA certificate directly into the Operations Manager OS configuration.
- SSH into the Operations Manager VM
- Copy the public CA certificate into /etc/ssl/certs
- Run this command to install the new CA certificate
sudo update-ca-certificates -f -v
- Upon successful execution you should see "1 added" in the output. This indicates the new cert was installed.
Updating certificates in /etc/ssl/certs... 1 added, 0 removed; done.
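The error above is raised by Ruby's OpenSSL binding, and OpenSSL finds issuers in a CA directory by subject-hash file name, which is what update-ca-certificates creates. The following added example (not part of the original article and not Operations Manager code) reproduces the failure and the fix offline. The CA, the server certificate, the name s3.example.internal and the temporary directory standing in for /etc/ssl/certs are all constructed for illustration.

```ruby
require "openssl"
require "tmpdir"

# Build a constructed certificate; self-signed CA when no issuer is given.
def make_cert(cn, key, issuer: nil, issuer_key: nil)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2 # X.509 v3
  cert.serial = rand(1..2**31)
  cert.subject = OpenSSL::X509::Name.parse("/CN=#{cn}")
  cert.issuer = issuer ? issuer.subject : cert.subject
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  ef = OpenSSL::X509::ExtensionFactory.new(issuer || cert, cert)
  cert.add_extension(ef.create_extension("basicConstraints", issuer ? "CA:FALSE" : "CA:TRUE", true))
  cert.sign(issuer_key || key, OpenSSL::Digest.new("SHA256"))
  cert
end

# Verify a certificate using only a hashed CA directory, the way OpenSSL
# consults /etc/ssl/certs. Returns [verified?, OpenSSL error string].
def verify_with_ca_dir(cert, ca_dir)
  store = OpenSSL::X509::Store.new
  store.add_path(ca_dir)
  [store.verify(cert), store.error_string]
end

# Mimic the result of update-ca-certificates: the PEM file plus the
# <subject-hash>.0 symlink that OpenSSL's directory lookup relies on.
def install_ca(ca_cert, ca_dir)
  File.write(File.join(ca_dir, "constructed-ca.pem"), ca_cert.to_pem)
  link = File.join(ca_dir, format("%08x.0", ca_cert.subject.hash))
  File.symlink("constructed-ca.pem", link)
  link
end

# Returns the verification result before and after the CA is installed.
def demo
  ca_key = OpenSSL::PKey::RSA.new(2048)
  ca = make_cert("Constructed Private CA", ca_key)
  leaf = make_cert("s3.example.internal", OpenSSL::PKey::RSA.new(2048), issuer: ca, issuer_key: ca_key)
  Dir.mktmpdir do |dir| # stand-in for /etc/ssl/certs
    before = verify_with_ca_dir(leaf, dir)
    install_ca(ca, dir)
    { before: before, after: verify_with_ca_dir(leaf, dir) }
  end
end

p demo if $PROGRAM_NAME == __FILE__
```

On the Operations Manager VM, the same check applies to the real CA file: after the update, a `<subject-hash>.0` entry for it should exist in /etc/ssl/certs.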