vCenter Single Sign On expects the certificate to be in Base64 encoded DER format only. This issue may occur if there is any other data, such as the printed DER certificate information, before the -----BEGIN CERTIFICATE----- line (that marks the beginning of the Base64 encoded section) in the certificate file. This can happen during the certificate generation depending on how it was done.
To resolve this issue: