cisco Umbrella skewed the TLS checks:
[developer@sbx20kube01 ~]$ echo | openssl s_client -connect storage.googleapis.com:443 | egrep "^subject=|^issuer="
depth=3 O = Cisco, CN = Cisco Umbrella Root CA
verify return:1
depth=2 C = US, ST = California, L = San Francisco, O = Cisco, CN = Cisco Umbrella Primary SubCA
verify return:1
depth=1 O = Cisco, CN = Cisco Umbrella Secondary SubCA pao-SG
verify return:1
depth=0 C = US, ST = California, L = San Francisco, O = "OpenDNS, Inc.", CN = *.opendns.com
verify return:1
DONE
subject=/C=US/ST=California/L=San Francisco/O=OpenDNS, Inc./CN=*.opendns.com
issuer=/O=Cisco/CN=Cisco Umbrella Secondary SubCA pao-SG