Thank you again Daniel,
I am still have a niggly issue with SRM when pairing sites, where the one site cannot validate the vCenter server certificate on the other site.
Steps I have taken:
1) I have reconfigured both of my vCenter server's VMCA's to be subordinate to my Enterprise CA, Both completed successfully and I can browse to either vCenter server without getting browser security errors.
2) I have added my Root CA and both vCenter VMCA CA certificates to the both SRM appliances & re-run c_rehash (without error). They now have trusted connection thumbprints - the same thumbprints as the SRM site pairing does NOT trust!
3) I have created CSR's, signed them (with my root CA) and installed PKCS #12 certificates for both SRM appliances. I restarted both appliances and I can browse to them without getting a browser security error.
Do my vCenter Servers need each others VMCA CA certificate importing? Just tried this and it still errors.
I do not have any SSO/ELM between vCenter servers?
I need a sanity check, can you see/think what have I missed?
vCenter Server Appliance Version - 6.7.0 Build 13007421
VMware SRM Appliance Version - 8.2.0 Build 14383138
vSphere Replication Appliance Version - 8.2.0.8989 Build 14338525
Cheers
Martin