"The SSL certificate does not match when connecting to the vCenter Server Sign-on" error while installing VCSA 6.x



Article ID: 344688


Products

VMware vCenter Server

Issue/Introduction

Symptoms:

Installing a new vCenter Server Appliance 6.x using an external PSC fails with the error:

The SSL certificate does not match when connecting to the vCenter Server Sign-On: hostname in certificate didn't match <PSC_IP> != <PSC_FQDN>

Unable to add a solution user and administrator user to vCenter Sign-On to the Component Manager Administrators group.



Environment

VMware vCenter Server 6.0.x
VMware vCenter Server 6.5.x
VMware vCenter Server Appliance 6.0.x
VMware vCenter Server Appliance 6.5.x
VMware vCenter Server 6.7.x
VMware vCenter Server Appliance 6.7.x
VMware vCenter Server Appliance 7.x

Resolution

To resolve this issue, check the following:

  1. Verify that reverse DNS lookup is enabled for the PSC and that nslookup resolves both the IP address and the FQDN of the PSC.
  2. If the SSL certificate does not match the PNID of the PSC node, check that the Subject Alternative Name of the certificate contains the same value as the PNID of the PSC.


Additional Information

  • To display the PNID of a vCenter Server Appliance, log in to the vCenter Server and run the following command:

    Appliance:
    /usr/lib/vmware-vmafd/bin/vmafd-cli get-pnid --server-name localhost

    Windows:
    C:\Program Files\VMware\vCenter Server\vmafdd\vmafd-cli get-pnid --server-name localhost 
  • Run the following command to check the Subject Alternative Name field of the existing Machine SSL Certificate.

    Appliance:
    /usr/lib/vmware-vmafd/bin/vecs-cli entry list --store MACHINE_SSL_CERT --text | grep -A1 Alternative

    Windows:
    C:\Program Files\VMware\vCenter Server\vmafdd\vecs-cli entry list --store MACHINE_SSL_CERT --text
  • Run the following command to check the Subject Alternative Name field and the DNS name values of a certificate file.

    openssl x509 -in <path_to_certificate_file> -noout -text | grep -A1 Alternative 

    For example:

    openssl x509 -in mycert.crt -noout -text | grep -A1 Alternative 
    X509v3 Subject Alternative Name: 
    DNS:myserver.example.com, DNS:myserver
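As an added example that is not part of this article, the following standard-library Python script parses the Subject Alternative Name lines printed by the openssl command above and checks whether the PNID returned by vmafd-cli is covered by them, reporting the case from the installer error where the PNID is an IP address but the certificate carries only DNS names. It also accepts a single-label wildcard entry such as *.example.com, which goes beyond the article's example; the sample SAN output is constructed.

```python
import ipaddress

# Constructed sample: the SAN lines as printed by
# "openssl x509 -in mycert.crt -noout -text | grep -A1 Alternative".
SAMPLE_SAN_OUTPUT = """X509v3 Subject Alternative Name:
    DNS:myserver.example.com, DNS:myserver"""

def parse_san(openssl_text):
    """Return (dns_names, ip_addresses) parsed from openssl -text SAN output."""
    dns_names, ip_addresses = set(), set()
    for line in openssl_text.splitlines():
        for entry in line.split(","):
            entry = entry.strip()
            if entry.startswith("DNS:"):
                # lower-case and drop a trailing dot so comparisons are canonical
                dns_names.add(entry[len("DNS:"):].strip().lower().rstrip("."))
            elif entry.startswith("IP Address:"):
                ip_addresses.add(entry[len("IP Address:"):].strip())
    return dns_names, ip_addresses

def _dns_name_matches(pnid, san_name):
    """Exact match, or a single-label wildcard entry such as *.example.com."""
    if san_name == pnid:
        return True
    if san_name.startswith("*."):
        pnid_labels, san_labels = pnid.split("."), san_name.split(".")
        return len(pnid_labels) == len(san_labels) and pnid_labels[1:] == san_labels[1:]
    return False

def check_pnid(pnid, dns_names, ip_addresses):
    """Return (ok, reason): is the PNID from 'vmafd-cli get-pnid' covered by the SAN?"""
    pnid = pnid.strip().lower().rstrip(".")
    try:
        ip = ipaddress.ip_address(pnid)
    except ValueError:
        ip = None
    if ip is not None:
        if str(ip) in ip_addresses:
            return True, "PNID IP address is listed in the SAN"
        # The installer error on this page: PNID is an IP address, but the
        # certificate carries only DNS names, so nothing in the SAN can match.
        return False, "PNID %s is an IP address but the SAN has no matching IP entry" % pnid
    if any(_dns_name_matches(pnid, name) for name in dns_names):
        return True, "PNID FQDN is covered by the SAN"
    return False, "PNID %s is not covered by any SAN DNS name" % pnid

if __name__ == "__main__":
    dns, ips = parse_san(SAMPLE_SAN_OUTPUT)
    for candidate in ("myserver.example.com", "192.0.2.10"):
        print(candidate, check_pnid(candidate, dns, ips))
```

Feed it the output of the vecs-cli or openssl command from the steps above and the PNID from vmafd-cli; a False result for the PNID means the Machine SSL certificate must be regenerated or replaced with one whose SAN contains the PNID.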