1. There are two paired cloud sites (for example, A and B).
2. Cloud site A regenerated the self-signed certificates for both the tunnel and replicator services.
3. When repairing the peer, updating the peer on the provider displayed an error:
"Unable to find SSL/X509 certificate at https://xxxxxxxx."
4. Cloud site A showed the remote replica and its own replica working properly, but the tunnel certificate status was incorrect, displaying the error:
"Generic error during the SSL handshake."
5. Cloud site B displayed the remote replica's status as offline, with an error:
"Certificate differs from the expected one."
Updating the peer on the provider displayed an error:
"Generic error during the SSL handshake."
6. Running curl -ikv https://<same address> from the tunnel VMs on both sites returned the latest certificate.
VMware Cloud Director Availability 4.7.x
vCDA management needs to trust the new tunnel certificates. Use the steps below:
1. Log in to the vCDA provider portal and open the settings.
2. Click Edit next to the tunnel settings / Primary Tunnel Service address.
3. Click OK without making any changes and accept the certificate shown in the pop-up.
4. Check the status of the tunnel service and perform a site repair on both peers.
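
Before accepting the certificate in step 3, its SHA-256 fingerprint can be compared with the one recorded when site A regenerated it. The following is an added example, not part of the original article or of vCDA tooling; the function names, the default port 443, and the use of openssl in place of the curl command above are assumptions.

```shell
#!/bin/sh
# Added example (not from the KB): confirm that the certificate a tunnel
# endpoint serves is the one that was regenerated, before trusting it.

# normalize_fp VALUE: reduce any common fingerprint rendering to bare
# uppercase hex. Accepts "sha256 Fingerprint=AB:CD:...", "ab cd ...", etc.
normalize_fp() {
    printf '%s' "$1" | sed 's/^.*=//' | tr -d ': \t\r\n' | tr 'a-f' 'A-F'
}

# served_fp HOST [PORT]: SHA-256 fingerprint of the leaf certificate that
# HOST:PORT presents. PORT defaults to 443 (assumption; use the port of
# your Primary Tunnel Service address). Returns 2 if no certificate is read.
served_fp() {
    host=$1; port=${2:-443}
    raw=$(openssl s_client -connect "$host:$port" </dev/null 2>/dev/null \
        | openssl x509 -noout -fingerprint -sha256) || return 2
    normalize_fp "$raw"
}

# fp_match EXPECTED ACTUAL
#   0 = same certificate
#   1 = different certificate (the "Certificate differs from the expected
#       one" situation: do not accept until the source is confirmed)
#   2 = a value is not a 64-hex-digit SHA-256 fingerprint, for example
#       empty because the fetch failed
fp_match() {
    a=$(normalize_fp "$1"); b=$(normalize_fp "$2")
    for v in "$a" "$b"; do
        case $v in *[!0-9A-F]*|"") return 2 ;; esac
        [ "${#v}" -eq 64 ] || return 2
    done
    [ "$a" = "$b" ]
}

# Usage, run from a machine that can reach the tunnel address:
#   EXPECTED='<fingerprint recorded on site A after regeneration>'
#   fp_match "$EXPECTED" "$(served_fp '<tunnel address>' '<port>')" \
#       && echo "served certificate matches"
```

Run the comparison from both sites; a result of 1 on either side means that site is being served a different certificate than the one regenerated on site A.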