Unable to establish trust with the Gateway, gmu GatewayMigrationUtility.sh

Article ID: 217516

Products

CA API Gateway

Issue/Introduction

Attempting to run the following gmu command fails: 

-bash-4.2$ /restmansdge/gmu10/GatewayMigrationUtility.sh list -z ~/argfiles/sdgeqax.args -t http_configuration
Warning: TLS hostname verification has been disabled
Warning: TLS server certificate check has been disabled
Running..
Execution failed. Reason: Unable to establish trust with the Gateway. To resolve, either:
• Establish server trust and try again (more info: search "establish server trust" in the Gateway documentation), OR
• Re-run command with the "--trustCertificate", or "--trustHostname" parameter to bypass trust requirement.

Environment

Release : 10.0

Component : API GATEWAY

Cause

The issue appears to depend on how the environment is configured, for example the JRE path passed with --jdk:

--jdk "C:\Program Files (x86)\CA Technologies - A Broadcom Company\Layer7 API Gateway Policy Manager 10.0.00.11263-CR03\jre"

and on how the passphrase file is referenced in the args file: encryptionPassphrase=@file:./rmanpass.txt or encryptionPassphrase=@file:rmanpass.txt

Resolution

Example for Windows Environment 

1. Follow each of the steps related to:
- Publish the REST Management Service
- Create Migration Administrator Users
- Generate GMU Client Certificate and Private Key
- Map Migration Administrators to GMU Client Certificate
- Establish Server Trust
  Take care that this step completes successfully, i.e.:
Trust this certificate? [no]: yes
Certificate was added to keystore

Reference:

https://techdocs.broadcom.com/us/en/ca-enterprise-software/layer7-api-management/api-gateway/10-0/gateway-migration/configure-gmu-and-gateways-for-migration.html

2. Set the environment variables. Example used on Windows:
set jarDir=C:\Users\GMU\GatewayMigrationUtility-1.7.00-936
set JRE=C:\Program Files (x86)\CA Technologies - A Broadcom Company\Layer7 API Gateway Policy Manager 10.0.00.11263-CR03\jre
set ARG=C:\Users\GMU\GatewayMigrationUtility-1.7.00-936\gmuser\gmu10\argfiles

3. Copy the following files into a single folder: C:\Users\GMU\GatewayMigrationUtility-1.7.00-936\gmuser\gmu10\argfiles
gmuser_cert.p12
rmanpass.txt
test.args

Details for test.args file (7 lines):
host=<server name><domain>.net
port=8443
results=results.xml
username=gmuser
clientCert=gmuser_cert.p12
password=@file:rmanpass.txt
encryptionPassphrase=@file:rmanpass.txt

4. Run the command:

%jardir%\GatewayMigrationUtility.bat --jdk "%JRE%" list --argFile %ARG%\test.args --trustHostname --trustCertificate -t folder

5. More tests, using the current CR03 on the Gateway, with the JRE explicitly configured and the args file changed as well.

The test.args file was modified as follows:
changed from @file:rmanpass.txt to @file:./rmanpass.txt

host=<server name><domain>.net
port=8443
results=results.xml
username=gmuser
clientCert=gmuser_cert.p12
password=@file:./rmanpass.txt
encryptionPassphrase=@file:./rmanpass.txt

Copied all the required files (cert, args, rmanpass) together into the same GMU folder, for example:

C:\Users\GMU\GatewayMigrationUtility-1.7.02-1281

The environment variables are not used on the command line here, but are listed for reference:
set jarDir=C:\Users\GMU\GatewayMigrationUtility-1.7.02-1281\
set JAVA_HOME=C:\Program Files\Java\jdk1.8.0_261
set JRE=C:\Program Files (x86)\CA Technologies - A Broadcom Company\Layer7 API Gateway Policy Manager 10.0.00.11263-CR03\jre

Test #1:

GatewayMigrationUtility.bat --jdk "C:\Program Files (x86)\CA Technologies - A Broadcom Company\Layer7 API Gateway Policy Manager 10.0.00.11263-CR03\jre" browse --argFile test.args --trustCertificate --trustHostname

Results Success!!

Test #2:

GatewayMigrationUtility.bat --jdk "C:\Program Files (x86)\CA Technologies - A Broadcom Company\Layer7 API Gateway Policy Manager 10.0.00.11263-CR03\jre" list --argFile test.args --trustCertificate --trustHostname -t folder

Results Success!!
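
One way to carry out the "Establish Server Trust" step from step 1 with the JRE's own keytool, so the Gateway certificate is trusted rather than bypassed (an added example, not part of the original article or of the GMU tooling). The host name gateway.example.net is a placeholder, and the script assumes GMU runs on the JRE given with --jdk, whose trust store is lib\security\cacerts with the default password changeit.

```bat
@echo off
rem Added example: import the Gateway's TLS certificate into the JRE trust store.
rem Assumptions: GW_HOST is a placeholder; the trust store is the cacerts file of
rem the JRE passed to GMU with --jdk, protected by the default password "changeit".
setlocal
set "JRE=C:\Program Files (x86)\CA Technologies - A Broadcom Company\Layer7 API Gateway Policy Manager 10.0.00.11263-CR03\jre"
set "GW_HOST=gateway.example.net"
set "GW_PORT=8443"
set "CERT=%TEMP%\%GW_HOST%.pem"
set "STORE=%JRE%\lib\security\cacerts"
set "KEYTOOL=%JRE%\bin\keytool.exe"

rem 1. Save the certificate the Gateway presents on the port used in the args file.
"%KEYTOOL%" -printcert -sslserver %GW_HOST%:%GW_PORT% -rfc > "%CERT%"
if errorlevel 1 goto :fetch_failed

rem 2. Show subject, validity and fingerprints. Compare the SHA-256 fingerprint
rem    with the value obtained from the Gateway administrator before trusting it.
"%KEYTOOL%" -printcert -file "%CERT%"

rem 3. Import it. keytool prompts "Trust this certificate? [no]:" and, after "yes",
rem    reports "Certificate was added to keystore".
"%KEYTOOL%" -importcert -alias %GW_HOST% -file "%CERT%" -keystore "%STORE%" -storepass changeit
if errorlevel 1 goto :import_failed

rem 4. Confirm that the entry is now present in the trust store.
"%KEYTOOL%" -list -alias %GW_HOST% -keystore "%STORE%" -storepass changeit
endlocal
exit /b 0

:fetch_failed
echo Could not retrieve a certificate from %GW_HOST%:%GW_PORT%.
endlocal
exit /b 1

:import_failed
echo Import failed. Check that this prompt has write access to the trust store.
endlocal
exit /b 1
```

Run it from a prompt that can write to the JRE directory. If the certificate's subject or subject alternative name does not match the host= value in the args file, hostname verification still fails after the import.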

 

Additional Information

Other use case:

If you have problems adding the trusted certificate to cacerts (e.g. because you do not have administrator privileges), it is possible to overcome the issue by passing --trustCertificate on the migrateIn command line, as below.

GatewayMigrationUtility.bat migrateIn --argFile args/myargsfile.properties --bundle Migration/bundles_05_01/APIM_20230501.xml --destFolder "APIM" --results Migration/bundles_05_01/APIM_20230501_result.xml --trustHostname mygateway.domain.com --trustCertificate C:\sslcert