SRM Reconfiguration Fails with "Failed to register H5 UI" error after vCenter Certificate Change

Article ID: 395565


Products

VMware vCenter Server

Issue/Introduction

Symptoms

  • Reconfiguring the SRM appliance fails with the error "Failed to register H5 UI".
     To reconfigure SRM, follow these steps:
     Log in to the VAMI page of SRM --> https://<SRM-IP>:5480 -> Summary -> Reconfigure

           

Environment

Site Recovery Manager 8.x

 

Cause

SRM and vCenter establish a trusted connection using SSL certificates. If you replace the vCenter certificate (e.g., via a custom CA-signed certificate or VMCA regeneration), SRM will no longer trust vCenter unless that new certificate is explicitly trusted.

Cause Validation 

  • Check /opt/vmware/support/logs/dr/drconfig.log for the error "The SSL certificate of STS service cannot be verified against the client-trusted thumbprint":

    service:E4E5BFF7###########9ABF####A436####### Client-Trust:##:18:##:##:##:###:##:##:##:FF:##:##:48:##:##:##:##:##:##:##:02:##:##:##:##:F9:##:##:##:##:##:##
    --> com.vmware.vim.sso.client.impl.ssl.UntrustedsslCertificateException: The SSL certificate of STS service cannot be verified against the client-trusted thumbprint. STS-Service:#####E43###6E
    #######3661947AFC###### Client-Trust: ##:18:##:OD:##:###:##:B8:2F:FF:09:##:48:##:F8:##:##:83:36:##:02:###:##:AG:##:F9:##:20:48:##:B8:##:##:##:A6:##:36:##:02:58:##:##:C9:##:##:##:###:##:##:##
    at com.vmware.vim.sso.client.impl.ssl.StsSslTrustManager.validateServerIdentityWithThumbprint(StsSslTrustManager.java:220)
    at com.vmware.vim.sso.client.impl.ssl.StsSslTrustManager.checkServerTrusted(StsSslTrustManager.java:123)
    at java.base/sun.security.ssl.AbstractTrustManagerWrapper.checkServerTrusted(Unknown Source)
    at java.base/sun.security.ssl.CertificateMessage$T12CertificateConsumer.checkServerCerts(Unknown Source)
    at java.base/sun.security.ssl.CertificateMessage$T12CertificateConsumer.onCertificate(Unknown Source)

    Run lsdoctor (see KB 320837) and check for an SSL trust mismatch:

    root@esxi01 [ /tmp/lsdoctor-250331 ]# python lsdoctor.py -l
    ATTENTION: You are running a reporting function. This doesn't make any changes to your environment.
    You can find the report and logs here: /var/log/vmware/lsdoctor
    202#-04-##T13:54:54 INFO main: You are reporting on problems found across the sso domain in the lookup service. This doesn't make changes.
    202#-04-##T13:54:54 INFO live_checkCerts: Checking services for trust mismatches ...
    202#-04-##T13:54:54 INFO generateReport: Listing lookup service problems found in SSO domain
    202#-04-##T13:54:54 ERROR generateReport: default-first-site\#######1. ##x. i##c.m##.###s. ##.my (VC 7.0 or CGW) found SSL Trust Mismatch: Please run python ls_doctor.py -- trustfix option on t
    202#-04-##T13:54:54 INFO generateReport: No issues detected in the lookup service entries for 1#.###.###.#6 (SRM).
    202#-04-##T13:54:54 INFO generateReport: Report generated:
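
To confirm from drconfig.log that SRM is still pinned to a thumbprint vCenter no longer presents, the following sketch pulls the STS-Service and Client-Trust values out of the error line and compares them after normalizing the two notations. It is an added example, not VMware or lsdoctor code; the field layout is assumed from the excerpt above, the sample log lines and thumbprints are constructed, and live_thumbprint is a hypothetical helper that is not exercised offline.

```python
import hashlib
import re
import ssl

# Message text taken from the drconfig.log excerpt on this page.
MARKER = "cannot be verified against the client-trusted thumbprint"
# Assumed field layout: "STS-Service:<hex> Client-Trust:<hex with colons>".
FIELD = re.compile(r"(STS-Service|Client-Trust)\s*:\s*([0-9A-Fa-f:]+)")
ALGO_BY_LEN = {40: "sha1", 64: "sha256", 128: "sha512"}  # hex digits -> digest

def normalize(thumbprint):
    """Strip colons/spaces and upper-case so both log notations compare equal."""
    return re.sub(r"[^0-9A-Fa-f]", "", thumbprint).upper()

def find_mismatches(log_text):
    """Return one dict per log line where presented and trusted thumbprints differ."""
    hits = []
    for lineno, line in enumerate(log_text.splitlines(), 1):
        if MARKER not in line:
            continue
        fields = {name: normalize(value) for name, value in FIELD.findall(line)}
        presented, trusted = fields.get("STS-Service"), fields.get("Client-Trust")
        if presented and trusted and presented != trusted:
            hits.append({"line": lineno, "presented": presented, "trusted": trusted,
                         "algo": ALGO_BY_LEN.get(len(presented), "unknown")})
    return hits

def cert_thumbprint(der_bytes, algo):
    """Thumbprint of a DER-encoded certificate, in the normalized form above."""
    return hashlib.new(algo, der_bytes).hexdigest().upper()

def live_thumbprint(host, port=443, algo="sha256"):
    """Fetch the certificate a server presents now (needs network access)."""
    pem = ssl.get_server_certificate((host, port))
    return cert_thumbprint(ssl.PEM_cert_to_DER_cert(pem), algo)

# Constructed sample: timestamps, log prefix and thumbprints are made up.
OLD = cert_thumbprint(b"constructed old vCenter certificate", "sha256")
NEW = cert_thumbprint(b"constructed new vCenter certificate", "sha256")
OLD_COLON = ":".join(OLD[i:i + 2] for i in range(0, len(OLD), 2))
SAMPLE_LOG = (
    "2025-01-01T10:00:00 info Reconfigure started\n"
    "2025-01-01T10:00:01 error The SSL certificate of STS service " + MARKER
    + ". STS-Service:" + NEW + " Client-Trust:" + OLD_COLON + "\n"
)

if __name__ == "__main__":
    for hit in find_mismatches(SAMPLE_LOG):
        print(hit)
```

A reported mismatch whose "presented" value equals the thumbprint of the certificate vCenter serves now indicates stale trust on the SRM side rather than an unexpected certificate on the wire.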

Resolution

  •  Take an offline snapshot of the vCenter if it is in linked mode, using the instructions in KB 313886.
  •  From the vCenter CLI, change to the lsdoctor directory and run "python lsdoctor.py -t".
  •  Enter the administrator credentials.
  •  Restart all the vCenter services using the command service-control --stop --all && service-control --start --all
  •  Run python lsdoctor.py -l to validate that the errors are cleared.
  •  Reconfigure the SRM appliance again and check whether it succeeds.

 

        Running the lsdoctor.py --trustfix command restores SSL trust by updating the trust relationship between vCenter and SRM. After the certificate trust is fixed, restarting the vCenter services ensures that the changes are applied and that the communication channel between SRM and vCenter is properly re-established.