The vCenter connection thumbprint will show a warning symbol instead of a green checkmark in most environments.

This is technically not an issue and does not impact the product. However, you can change it to a green checkmark if your team desires.

Site Recovery Manager 8.x

Live Recovery Manager 9.x

 * Download root CA from VC URL
 --> VCenter https://VC-IP.vsphere.local/   
 --->On righthand side: Download trusted root CA certificates --> Save link as...  certs.zip

* Unzip certs.zip and extract the certs/Win Security Certificate .crt files..ie 569febba.0.crt  d2696a15.0.crt
  You will need 1 for each vCenter  . Look at Issuer/Subject to determine which vCenter the crt relates to

You can choose the action based on CLI/UI. 

1. Using Command Line Interface.

* SCP relevant crt files to SRM /tmp folder

*ssh to SRM /tmp
 Convert .crt to .pem 
 - cd /tmp
 - openssl x509 -in 569febba.0.crt -out 569febba.pem
 
* Copy to SRM .pem files to cert location
 - cp 569febba.pem /etc/ssl/certs/
 - cd /etc/ssl/certs/
 - chmod a+r 569febba.pem
 - SRM88 # rehash_ca_certificates.sh

* Refresh SRM UI, check Connection thumbprint.

2.Using SRM Appliance UI

* Access to SRM UI (https://<SRM appliance>:5480) and login with admin user.

* Click Certificates > CA Certificates > root tab

* Click "ADD" link

* open crt file and copy all contents and paste to "Add certificate in PEM format" section in popup window.

* Click "ADD" button

* refresh SRM UI, check Connection thumbprint.

If customer is using custom certificate, we might move all the root and intermediate certificate and let the appliance choose correct certificate.