PowerProtect Data Manager - Error "403: Server Certificate is not trusted" when attempting to enable 'Secure' option for SSL connection

Summary: Error "403: Server Certificate is not trusted" is reported in the web console when saving Active Directory configuration.


Symptoms

After configuring 'Secure' connection and clicking the 'Save' button to save Directory Settings in the web console, the following error is reported:
"403: Server Certificate is not trusted"
The 'Server Address' supplied in the 'Edit Directory' settings is a load balancer. The load balancer may route the AD request to any of several different AD domain controllers.
If a specific domain controller's Fully Qualified Domain Name (FQDN) is supplied as the 'Server Address', the configuration can be saved.
Each domain controller has an SSL certificate that contains the load balancer name and one domain controller FQDN in the 'SubjectAlternativeNames' field.

Cause

When the certificate is verified, PowerProtect Data Manager downloads it to check that it has a future expiration date and the correct certificate format.
During 'Save', PowerProtect Data Manager reconnects to the 'Server Address' from which the certificate was obtained and verifies that the thumbprint of the certificate presented by that connection matches the downloaded certificate.
This check fails when the load balancer routes the new connection to a different domain controller, which presents a different certificate with a different thumbprint.

Resolution

1) From the Administration->Access Control->Directory Settings page, Edit the configuration.
2) Change the 'Server Address' to the FQDN of one of the AD domain controllers that is a possible target from the load balancer.
3) Click the Verify button to import the certificate.
4) Repeat steps (2) and (3) for each different AD domain controller that is a possible target from the load balancer address.
5) Change the 'Server Address' back to the load balancer name.
6) Click Save.
An alternative solution is to:
1) Create one certificate for AD that contains all possible domain controller FQDNs and the load balancer FQDN in the SubjectAlternativeNames field.
2) Update the domain controllers with the new cert.
3) Configure Administration->Access Control->Directory Settings to use the load balancer name.
4) Click the Verify button.
5) Save the configuration.

Additional Information

Use ppdmtool and openssl to view the contents of an imported certificate on the PowerProtect Data Manager server:
1) ssh to PowerProtect Data Manager server as admin.
2) Run:

ppdmtool -l

Each record in the listed output has four columns separated by commas as in this example:
mydc.company.com:636:host, Jul 12, 2024, trustedCertEntry,
Certificate fingerprint (SHA-256): 22:38:CA:00:8E:D0:50:18:F4:B8:C6:3F:94:69:34:1F:15:24:3B:11:26:15:EC:84:8B:DD:3F:04:CD:44:55:D6
The output format is: Alias, Date, Type, Fingerprint (the fingerprint is printed on the line that follows the record).
The 'alias' for the certificate starts with the FQDN on the left and ends at the first comma (the date field itself contains a comma, so it must not be used to delimit the alias):
mydc.company.com:636:host
3) Export the certificate with ppdmtool:
ppdmtool -exportcert -a mydc.company.com:636:host
The file 'mydc.company.com:636:host.pem' is created in the current directory.
4) Use openssl to view the certificate content:
openssl x509 -in mydc.company.com:636:host.pem -text -noout
The output includes the SubjectAlternativeNames field, which shows exactly which names the certificate covers, so you can confirm that the load balancer FQDN and the domain controller FQDN are both present.
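The resolution above depends on having imported a trusted certificate entry for every domain controller the load balancer can route to; if one is missed, a 'Save' that happens to be routed to that controller fails with the same 403 error. The following script is an added example, not part of this article or of ppdmtool: it parses output in the `ppdmtool -l` format shown above (alias, date, type, then the SHA-256 fingerprint on the next line), reports which domain controllers from a list still have no `<fqdn>:636:host` entry, and models the 'Save' thumbprint check as a membership test against the imported fingerprints. The sample output and fingerprints are constructed for the example; the domain names, the port 636 alias convention and the field layout are taken from the article.

```python
"""Check ppdmtool -l output for complete domain-controller certificate coverage.

Added example: parses the record format described in the article and checks
that every domain controller behind the load balancer has a trusted entry.
"""
import re
from typing import Dict, List, Optional

# Record line: "<alias>, <Mon D, YYYY>, <type>," - the date contains a comma,
# so only the first comma is used to delimit the alias.
RECORD_RE = re.compile(
    r"^(?P<alias>[^,]+),\s*(?P<date>[A-Za-z]{3} \d{1,2}, \d{4}),\s*(?P<type>\w+),\s*$"
)
# Fingerprint line printed directly under each record.
FINGERPRINT_RE = re.compile(
    r"^Certificate fingerprint \((?P<algo>[A-Z0-9-]+)\):\s*"
    r"(?P<fp>(?:[0-9A-Fa-f]{2}:)+[0-9A-Fa-f]{2})\s*$"
)


def normalise_fp(fp: str) -> str:
    """Upper-case, colon-separated form so fingerprints compare reliably."""
    hexdigits = re.sub(r"[^0-9A-Fa-f]", "", fp).upper()
    return ":".join(hexdigits[i:i + 2] for i in range(0, len(hexdigits), 2))


def parse_ppdmtool_list(text: str) -> List[Dict[str, Optional[str]]]:
    """Return one dict per keystore record: alias, date, type, algo, fingerprint."""
    entries: List[Dict[str, Optional[str]]] = []
    current: Optional[Dict[str, Optional[str]]] = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        rec = RECORD_RE.match(line)
        if rec:
            current = {"alias": rec["alias"].strip(), "date": rec["date"],
                       "type": rec["type"], "algo": None, "fingerprint": None}
            entries.append(current)
            continue
        fpm = FINGERPRINT_RE.match(line)
        if fpm and current is not None:
            current["algo"] = fpm["algo"]
            current["fingerprint"] = normalise_fp(fpm["fp"])
    return entries


def missing_dc_entries(text: str, dc_fqdns: List[str], port: int = 636) -> List[str]:
    """Domain controllers with no trustedCertEntry alias '<fqdn>:<port>:host'."""
    present = {e["alias"].lower() for e in parse_ppdmtool_list(text)
               if e["type"] == "trustedCertEntry"}
    return sorted(h for h in dc_fqdns if f"{h.lower()}:{port}:host" not in present)


def is_presented_cert_trusted(presented_fp: str, text: str) -> bool:
    """Model of the 'Save' check: the certificate the load balancer's backend
    presents is accepted only if its fingerprint matches an imported entry."""
    trusted = {e["fingerprint"] for e in parse_ppdmtool_list(text) if e["fingerprint"]}
    return normalise_fp(presented_fp) in trusted


# Constructed sample data (not real certificates): three controllers behind the
# load balancer, but only two of them have been imported so far.
FP_DC1 = ":".join(f"{b:02X}" for b in range(1, 33))    # 01:02:...:20
FP_DC2 = ":".join(f"{b:02X}" for b in range(33, 65))   # 21:22:...:40
FP_DC3 = ":".join(f"{b:02X}" for b in range(65, 97))   # 41:42:...:60
DC_FQDNS = ["dc1.company.com", "dc2.company.com", "dc3.company.com"]
SAMPLE_OUTPUT = f"""
dc1.company.com:636:host, Jul 12, 2024, trustedCertEntry,
Certificate fingerprint (SHA-256): {FP_DC1}
dc2.company.com:636:host, Jul 12, 2024, trustedCertEntry,
Certificate fingerprint (SHA-256): {FP_DC2}
"""

if __name__ == "__main__":
    for missing in missing_dc_entries(SAMPLE_OUTPUT, DC_FQDNS):
        print(f"no trusted entry yet for {missing}; run Verify with that FQDN")
    # A Save routed to dc3 would present FP_DC3 and fail the thumbprint check.
    print("dc3 presented cert trusted:", is_presented_cert_trusted(FP_DC3, SAMPLE_OUTPUT))
```

Run it after pasting real `ppdmtool -l` output into `SAMPLE_OUTPUT` and listing the controllers the load balancer can target in `DC_FQDNS`; any name it prints still needs the Verify step from the resolution before the load balancer address is saved.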

Affected Products

PowerProtect Data Manager, PowerProtect Data Manager Software
Article Properties
Article Number: 000226886
Article Type: Solution
Last Modified: 18 Jul 2024
Version:  1