The security alert "Could not verify the authenticity of the external vCenter Server" is displayed every time during xvMotion between unlinked VCs.

Article ID: 418508

Products

VMware vCenter Server

Issue/Introduction

  • When an unlinked vCenter Server is set as the migration target, a security alert "Could not verify the authenticity of the external vCenter Server" is displayed.
  • Selecting "Yes" and trusting it allows xvMotion to complete without errors.
  • Even after selecting "Yes" once, the same security alert is displayed with each new user session.

Environment

vSphere 8.x

Resolution

When connecting to an unlinked VC, it is expected behavior that trust verification is performed for each session.

To avoid a security alert every time, you can use one of the following methods:

  • Set up a link between VCs.

  • Install the certificate of the signer of the target VC's Machine SSL certificate into the source VC's Trusted Root by following the steps below.

    1. On the target VC, view the Machine SSL certificate with the command:

    /usr/lib/vmware-vmafd/bin/vecs-cli entry list --store MACHINE_SSL_CERT --text
    Find the line that starts with "Issuer: CN=xxx..."

    2. Find that issuer certificate among the TRUSTED_ROOTS.
    Use the following command to list all certificates in TRUSTED_ROOTS:

    /usr/lib/vmware-vmafd/bin/vecs-cli entry list --store TRUSTED_ROOTS --text

    Find a self-signed certificate whose subject is the same as the issuer of the certificate from step 1.
    That's the certificate you should export.

    3. Export that certificate:
       /usr/lib/vmware-vmafd/bin/vecs-cli entry getcert --store TRUSTED_ROOTS --alias <the-alias-of-the-cert-from-step-2> --output <file-name-into-which-to-export-the-cert>

    4. Import that certificate into the TRUSTED_ROOTS of the source VC.
    Use the command:
    /usr/lib/vmware-vmafd/bin/dir-cli trustedcert publish --cert <the-cert-file-step3> --login '[email protected]' --password '<the-administrator-password>'
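
The manual matching in steps 1 and 2 can be scripted so that only a self-signed root whose subject exactly equals the Machine SSL certificate's issuer is selected for export. The following is an added example, not VMware code: the function names and sample listings are constructed for illustration, and it assumes the `--text` listing prints an "Alias :" line for each entry followed by OpenSSL-style "Issuer:" and "Subject:" lines.

```shell
#!/bin/sh
# Added example, not VMware code. Assumes the --text listing prints an
# "Alias :" line per entry followed by OpenSSL-style Issuer:/Subject: lines.

# Step 1: print the Issuer of the first certificate read from stdin.
machine_cert_issuer() {
    awk '/^[ \t]*Issuer:/ { sub(/^[ \t]*Issuer:[ \t]*/, "")
                            sub(/[ \t\r]+$/, ""); print; exit }'
}

# Step 2: from a TRUSTED_ROOTS listing on stdin, print the alias of each
# self-signed entry (Subject == Issuer) whose Subject equals $1.
find_root_alias() {
    WANT="$1" awk '
        function val(s) { s = substr(s, index(s, ":") + 1)
                          gsub(/^[ \t]+|[ \t\r]+$/, "", s); return s }
        function flush() { if (alias != "" && subj != "" && subj == iss &&
                               subj == ENVIRON["WANT"]) print alias }
        /^Alias[ \t]*:/   { flush(); alias = val($0); iss = subj = ""; next }
        /^[ \t]*Issuer:/  { iss = val($0) }
        /^[ \t]*Subject:/ { subj = val($0) }
        END { flush() }'
}

# Constructed sample listings (not real output).
sample_machine_cert() {
    cat <<'EOF'
Alias : __MACHINE_CERT
        Issuer: CN=CA, DC=vsphere, DC=local, O=target-vc.example
        Subject: CN=target-vc.example
EOF
}
sample_roots() {   # matching root, non-self-signed intermediate, other root
    cat <<'EOF'
Alias : a1b2c3
        Issuer: CN=CA, DC=vsphere, DC=local, O=target-vc.example
        Subject: CN=CA, DC=vsphere, DC=local, O=target-vc.example
        Subject Public Key Info:
Alias : d4e5f6
        Issuer: CN=CA, DC=vsphere, DC=local, O=target-vc.example
        Subject: CN=Intermediate, O=example
Alias : 0718aa
        Issuer: CN=Other Root, O=example
        Subject: CN=Other Root, O=example
EOF
}

issuer=$(sample_machine_cert | machine_cert_issuer)
sample_roots | find_root_alias "$issuer"   # prints a1b2c3
```

On the target VC, pipe the output of the commands from steps 1 and 2 into the two functions in place of the sample listings. An empty result means no self-signed certificate in TRUSTED_ROOTS matches the issuer, so nothing should be exported.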