• vCenter certificate was replaced outside the SDDC Manager and directly on the vCenter.
• /var/log/vmware/vcf/commonsvcs/vcf-commonsvcs.log contain below error :
  
  YYYY-MM-DDTHH:MM:SS.163+0000 ERROR [common-################, 0eae6] [o.v.v.e.a.v.vSphere.VcManagerBase.os-exec-10] Immediately throwing on SSL exception
YYYY-MM-DDTHH:MM:SS.163+0000 ERROR [common-################, 0eae6] [o.v.v.i.s.util.VcSyncManager$$Utils.os-exec-10] Error connecting to vCenter vcenter, with exception (
com.vmware.vim.vnmi.client.exception.SslException: javax.net.ssl.SSLHandshakeException: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at com.vmware.vim.vnmi.client.common.impl.ResponseImpl.setError (ResponseImpl.java:265)
at com.vmware.vim.vnmi.client.http.impl.HttpExchangeBase.setResponseError (HttpExchangeBase.java:355)
at com.vmware.vim.vnmi.client.http.impl.HttpExchange.invokeWithinScope (HttpExchange.java:59)
at com.vmware.vim.vnmi.client.core.tracing.NoopScope.run (HttpExchange.java:120)

VMware Cloud Foundation

SDDC Manager fails to trust the new vCenter root certificate as it was replaced outside the SDDC.

To resolve this issue, Import the new vCenter root certificate to the SDDC Manager.

• Take a snapshot of the SDDC Manager appliance
• Download the script "VcRootCaSync.py" from here and transfer to the SDDC Manager via winscp or any scp tool.
• SSH to the SDDC Manager with vcf account and elevate to root, Then run the below script -
  
  python VcRootCaSync.py
  
  Refer to the KB How to import the vCenter root certificate into the SDDC manager TrustStore for the detailed steps.
  

• Restart the SDDC Manager services 
  
  /opt/vmware/vcf/operationsmanager/scripts/cli/sddcmanager_restart_services.sh


• SDDC Manager UI should be accessible now.