When PSCs are in HA configuration, the Service Registration Endpoints for the Load Balancer has to be updated in the VMDir of both PSCs. This is documented in article Configuring PSC Appliance for High Availability in vSphere 6.5/6.7 and is mandatory to perform post an upgrade of the PSCs, for e.g. from 6.5 to 6.7.
If the above steps are not performed, the vCenter login or logout would report the "issuer
error.not trusted
"
Follow the article Configuring PSC Appliance for High Availability in vSphere 6.5/6.7 and complete the "Configuring Platform Service Controller HA in vSphere 6.7" steps.