Site Recovery UI Inaccessible post vCenter Certificate Replacement.

Article ID: 429520


Products

VMware Live Recovery

Issue/Introduction

  • After replacing an expired vCenter certificate (Machine SSL cert), SRM and VRMS are not accessible from vCenter.
  • The Site Recovery UI is inaccessible from the production vCenter Server with the error message "com.vmware.vim.vmomi.core.exception.CertificateValidationException: Server certificate chain is not trusted and thumbprint verification is not configured"
  • While the DR Site Recovery UI remains accessible, both Site Recovery Manager and vSphere Replication display a "Disconnected" status.

Environment

VMware Live Site Recovery 9.x
vSphere Replication 9.x

Cause

When the vCenter Machine SSL certificate is updated, the trust relationship between vCenter and its registered extensions (SRM/VR) must be re-established. If the SRM appliance certificate is updated using a short name instead of the Fully Qualified Domain Name (FQDN), a mismatch occurs during the SSL handshake with the vCenter Lookup Service. This prevents successful authentication and blocks the site pairing process.

For SRM, var/log/vmware/dr-client-plugin/drplugin.log shows an event with "wrong hostname":

[srm-reactive-thread-123] INFO  com.vmware.dr.plugin.handlers.dashboard.SrmHealthStatusHandler ########-c362-4bf9-####-###############- Checking health using URL: https://srm-xxx-prod.xxxx.xxx.xxx.com:443/drserver
[srm-reactive-thread-121] WARN  com.vmware.dr.plugin.utils.ConnectionUtils ######-a754-4d23-####-#############- Problem occurred while checking connection to https://srm-xxx-prod.xxxx.xxx.xxx.com:5480/configure
java.io.IOException: HTTPS hostname wrong:  should be <srm-xxx-prod.xxxx.xxx.xxx.com>
        at java.base/sun.net.www.protocol.https.HttpsClient.checkURLSpoofing(Unknown Source)
        at java.base/sun.net.www.protocol.https.HttpsClient.afterConnect(Unknown Source)
        at java.base/sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Unknown Source)
        at java.base/sun.net.www.protocol.https.HttpsURLConnectionImpl.connect(Unknown Source)
        at com.vmware.dr.plugin.utils.ConnectionUtils.connect(ConnectionUtils.java:79)
        at com.vmware.dr.plugin.utils.ConnectionUtils.connect(ConnectionUtils.java:66)
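
The name mismatch behind the "HTTPS hostname wrong" error can be checked before and after replacing the appliance certificate. The following is an added example, not VMware code and not part of the original article: a simplified hostname check over a certificate in the dictionary form returned by Python's `ssl.SSLSocket.getpeercert()`. The host name `srm-prod.example.com`, the function names and the sample certificates are constructed for illustration.

```python
import socket
import ssl

def cert_dns_names(cert):
    """Names a TLS client matches against: SAN dNSName entries, falling
    back to the subject CN only when the certificate has no SAN dNSName."""
    sans = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if sans:
        return sans
    return [v for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]

def name_matches(pattern, host):
    """Case-insensitive match; '*' is accepted only as the whole left-most label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*" and len(p) > 2:
        p, h = p[1:], h[1:]
    return p == h

def check_appliance_cert(cert, fqdn):
    """Return (ok, names): does the certificate cover the FQDN registered with vCenter?"""
    names = cert_dns_names(cert)
    return any(name_matches(n, fqdn) for n in names), names

def fetch_cert(host, port=5480, cafile=None):
    """Optional live fetch from the VAMI port. The chain must validate against
    cafile (or the system store); only the hostname check is skipped so the
    names can be read even when they do not match."""
    ctx = ssl.create_default_context(cafile=cafile)
    ctx.check_hostname = False
    with socket.create_connection((host, port), timeout=10) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()

# Constructed samples: a certificate issued with the short name, and one with the FQDN.
FQDN = "srm-prod.example.com"
SHORT_NAME_CERT = {"subject": ((("commonName", "srm-prod"),),),
                   "subjectAltName": (("DNS", "srm-prod"),)}
FQDN_CERT = {"subject": ((("commonName", FQDN),),),
             "subjectAltName": (("DNS", FQDN),)}

if __name__ == "__main__":
    for label, cert in (("short name", SHORT_NAME_CERT), ("FQDN", FQDN_CERT)):
        ok, names = check_appliance_cert(cert, FQDN)
        print(f"{label}: names {names} -> {'OK' if ok else 'MISMATCH'} for {FQDN}")
```

A certificate that lists only the short name fails the check for the FQDN even though both names resolve to the same appliance.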

Resolution

To resolve the thumbprint mismatch and restore services, the SRM and VR certificates must be updated to use the FQDN so that they match the vCenter registration.

Step 1: Update SRM and VR Certificate via VAMI

  1. Log in to the SRM and VR Appliance Management Interface (VAMI) (https://<SRM-IP>:5480 / https://<VR-IP>:5480).
  2. Navigate to the Certificate tab.

  3. Click on Change the certificate.

  4. Ensure the FQDN of the SRM and VR appliance is entered.

Step 2: Reconfigure and Reconnect

  1. Within the VAMI, initiate the Reconfigure task for the SRM and VR appliance.

  2. Once the reconfiguration is successful, log in to the vSphere Client.

  3. Navigate to Site Recovery > Site Pairs and perform a Reconnect to synchronize the production and recovery sites.