HCX Site Pairing is disconnected post certificate renewal on Target HCX Cloud

Article ID: 316713

Products

VMware HCX
VMware Cloud on AWS

Issue/Introduction

  • HCX Site Pairing is down and it shows the error message below.
    Host name '<HCX-Cloud_IP>' does not match the certificate subject provided by the peer (CN=hcx.sddc-###-###.vmwarevmc.com, O="VMware, Inc", L=Palo Alto, ST=California, C=US)



  • While the screenshot above is taken from a VMC-HCX deployment, this issue is not specific to VMC and may occur in any HCX environment.
  • The HCX Site Pairing is configured using an IP address in the "Remote HCX URL" field.

Environment

VMware HCX
HCX deployed on VMware Cloud on AWS

Cause

The HCX Manager certificate at the Cloud (Target) site was updated/replaced.
The HCX Site Pairing is currently configured using an IP address in the "Remote HCX URL" field. However, the new certificate on the target HCX Manager uses a Fully Qualified Domain Name (FQDN) as its Common Name (CN), resulting in a mismatch.
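The mismatch described above can be reproduced offline. The following is an added example, not code from HCX or from this article: it applies standard TLS host name matching rules to a "Remote HCX URL" value and a certificate in the dict shape returned by Python's `ssl.SSLSocket.getpeercert()`. The host name `hcx.example.com`, the address `192.0.2.10` and the function names are constructed placeholders.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed sample certificate (placeholder names, not a real deployment):
# like the renewed certificate in this article, it names only an FQDN.
SAMPLE_CERT = {
    "subject": ((("commonName", "hcx.example.com"),),),
    "subjectAltName": (("DNS", "hcx.example.com"),),
}

def _dns_match(pattern, host):
    """Case-insensitive match; '*' is honoured only as the whole left-most label."""
    p, h = pattern.lower().rstrip("."), host.lower().rstrip(".")
    if p.startswith("*."):
        return "." in h and h.split(".", 1)[1] == p[2:]
    return p == h

def check_remote_url(remote_url, cert):
    """Return (ok, reason) for the host in remote_url against the certificate."""
    host = urlsplit(remote_url).hostname
    if not host:
        return False, "no host in URL"
    san = cert.get("subjectAltName", ())
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        ip = None
    if ip is not None:
        # An IP address can only match an IP entry in the SAN, never a DNS name or CN.
        listed = [v for k, v in san if k == "IP Address"]
        if any(ipaddress.ip_address(v) == ip for v in listed):
            return True, "IP listed in SAN"
        return False, "URL uses an IP that the certificate does not list"
    names = [v for k, v in san if k == "DNS"]
    if not names:  # legacy fallback to the CN when the SAN has no DNS entries
        names = [v for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]
    if any(_dns_match(n, host) for n in names):
        return True, "FQDN matches certificate"
    return False, "FQDN not present in certificate"

if __name__ == "__main__":
    for url in ("https://192.0.2.10", "https://hcx.example.com"):
        print(url, check_remote_url(url, SAMPLE_CERT))
```

To run the same check against a live endpoint, the certificate dict can come from `getpeercert()` on a socket wrapped by a context that trusts the issuing CA.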

Resolution

This issue can be resolved by following the steps outlined below. This procedure must be performed on your Source (On-Premises) HCX environment.

  • In the vSphere Client, go to HCX > Infrastructure > Site Pairing (this can also be done via the HCX 443 hybridity page).
  • Click the "EDIT CONNECTION" link in the existing Site Pairing.


  • Fill in the correct "Username" and "Password" and click the "EDIT" button.
  • Click the "IMPORT CERTIFICATE" button on the "Certificate Warning" popup.
     
  • Validate that the earlier warning/error is gone.

Additional Information

  • Importing Trusted Certificates from a Remote Site
  • If the Site Pairing is down, configuration workflows will fail and no migrations can be scheduled from the HCX Connector or the source Cloud Manager. Existing Network Extension services will remain active indefinitely, but no configuration changes can be made to them except for "unstretch", which can be forced from the target HCX Cloud Manager's side.
  • When creating a Site Pairing, use the target HCX FQDN in "Remote HCX URL" instead of an IP address.