Symptoms:

When attempting to make CA changes in the UI, specifically to remove current Certificate Authority the changes do not commit

Internal API does not apply via UI endpoint

Workaround:

1. Make an offline backup of VCF appliance - snapshot of the SDDC Manager VM is enough.
2. Use API explorer to run the following API GET /v1/certificate-authorities to get list of all CA.
3. Capture the ID for the MS CA 
4. Run the API DELETE /v1/certificate-authorities /[ID] -- replace [ID] with the ID of the MS CA found running the get API
5. Confirm the CA is removed in the UI

Certificates APIs | VMware Cloud Foundation API - Reference

Issue is addressed in VCF 5.x