Management centers on failover were deployed using different serial numbers.
Management Centers appliances are running version 3.3.x.x or 3.2.x.x 
Prior 3.3.x.x or 3.2.x.x upgrade, Management centers were running version 3.1.3.x or 3.1.4.x and were configured as failover.  
There are NO other Management Center deployed using same serial number in another server.
MC is able to access internet and validate.es.bluecoat.com

Management Center hardware devices may show "Invalid License".  

Management centers were running 3.1.3 or 3.1.4.x and were configured as failover 

Management Center 3.1.3.x or 3.1.4.x acting as secondary may incorrectly replicate bluecoat-appliance certificate of the primary. 

This was a bug on 3.1.3.x and 3.1.4.x. 

If not yet disabled, disable the failover on both units (optional for 3.3.x version) then refetch/ reinstall the license and re enable back the failover.

• To disable the failover on primary and secondary, run the following commands:

enable

conf t

failover disable

• For Management Center VAs, refetch / reinstall the license by running following CLI commands:

enable

licensing load username <your broadcom portal username> password (hit enter on your keyboard to be prompted to type in your password)

**Note:  You should see an OK message after the command above**

• For MC hardware devices, refetch / reinstall the license by running the following CLI command

enable

request-appliance-certificate

• For offline licenses or MC hardware that does not have access to licensing server,  you will need to download your license from Broadcom Portal to be installed on your management center

Verify that you are seeing the serial number of the unit under Subject's CN field of  bluecoat-appliance keyring

E.g

mc-11# show ver
Symantec Management Center release 3.2.1.1 (265101)
Serial number: 0011223344
NIC 0 MAC: <mac address>

mc-11# show ssl keyring bluecoat-appliance
Keyring ID:                 bluecoat-appliance
Private key showability:    show
Signing request:            absent
Certificate:                present
Certificate subject:        C=US,ST=California,O=Blue Coat Systems, Inc.,OU=BlueCoat SGVA Series,CN=0011223344
Certificate issuer:         C=US,ST=California,L=San Jose,O=Broadcom Inc.,OU=ABRCA,CN=Virtual Appliance Birth Certificate Intermediate CA
Certificate valid from:     Jun 23 05:46:04 2021 GMT
Certificate valid to:       Jun 24 12:46:04 2026 GMT
Certificate thumbprint:     <certificate thumbprint ID>

mc-11#

Renable failover on your primary and secondary

Notes:

Fetching the license (e.g. licensing load <with credentials>) is needed once you are in 3.2.x

Once birth certificate is correct, the fix in 3.2.x should prevent the birth certificate to be replicated on failover.