Multisite configuration stuck in "Partially Connected" State after renewing the VCD with wildcard certificate

Multisite configuration stuck in "Partially Connected" State after renewing the VCD with wildcard certificate

Article ID: 392174

Products

VMware Cloud Director

Issue/Introduction

  • After replacing the VCD certificates with a wildcard certificate, the Multisite Association status shows as "Partially Connected".
  • In /opt/vmware/vcloud-director/logs/vcloud-container-debug.log or vcloud-container-info.log, the following error may appear:

Caused by: javax.net.ssl.SSLHandshakeException: SSLHandshakeException invoking https://XX.XXXX.in/api/versions: No subject alternative DNS name matching XX.XXXX.XXXX.in found.

  • Running "openssl s_client -connect FQDN:443" against the other site shows that the *.domain certificate is being presented.
  • The wildcard certificate has a SAN entry in the format *.domain.in, while the VCD FQDN is of the form *.xxxx.domain.in.

Environment

VMware Cloud Director 10.x

Cause

  • When a wildcard certificate’s Subject Alternative Name (SAN) begins with *., it only matches the immediate subdomain (the leftmost part of the domain). It does not match subsequent subdomains or the base domain.
  • For example, a certificate with *.example.com will match foo.example.com, but it will not match bar.foo.example.com or example.com. Essentially, the wildcard only covers a single level of subdomain directly to the left of the domain.

Resolution

Obtain a more specific wildcard certificate, such as *.xxxx.domain.in. After acquiring the correct certificate, replace the existing wildcard certificate in your VCD environment.
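As an added illustration (not part of the original article), the following Python function applies the RFC 6125 single-label wildcard rule described under Cause and shows why a *.domain.in SAN does not cover a VCD cell under xxxx.domain.in; the hostnames used are constructed examples.

```python
import ipaddress


def wildcard_matches(pattern: str, hostname: str) -> bool:
    """True if the SAN/DNS-ID `pattern` covers `hostname` under RFC 6125 section 6.4.3.

    The conservative full-label form is used: '*' must be the entire leftmost
    label, it matches exactly one label, and it never matches the base domain.
    """
    p = pattern.lower().rstrip(".")
    h = hostname.lower().rstrip(".")
    try:                       # an IP literal is never matched by a DNS name
        ipaddress.ip_address(h)
        return False
    except ValueError:
        pass
    if "*" not in p:
        return p == h          # plain DNS-ID: exact, case-insensitive match
    p_labels = p.split(".")
    h_labels = h.split(".")
    if p_labels[0] != "*" or any("*" in lbl for lbl in p_labels[1:]):
        return False           # partial or non-leftmost wildcards are rejected
    if len(p_labels) < 3:
        return False           # '*.in' style patterns are too broad to accept
    # '*' consumes exactly one label, so the label counts must be equal and
    # every label to the right of the wildcard must match exactly.
    return len(h_labels) == len(p_labels) and h_labels[1:] == p_labels[1:]


def covering_wildcard(hostname: str) -> str:
    """Narrowest wildcard SAN that would cover `hostname` (the fix the article recommends)."""
    labels = hostname.lower().rstrip(".").split(".")
    return "*." + ".".join(labels[1:])


if __name__ == "__main__":
    # Constructed names mirroring the article: SAN *.domain.in vs. a cell at vcd.xxxx.domain.in
    san, vcd_fqdn = "*.domain.in", "vcd.xxxx.domain.in"
    print(f"{san} covers {vcd_fqdn}: {wildcard_matches(san, vcd_fqdn)}")  # False
    print(f"SAN needed instead: {covering_wildcard(vcd_fqdn)}")           # *.xxxx.domain.in
```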

Additional Information

https://www.rfc-editor.org/rfc/rfc6125#page-27