Navigate to vCenter UI -> Administration -> Certificate Management -> Machine SSL Certificate -> Actions -> Renew
The new certificate has the below x509 extensions. The "X509v3 Subject Key Identifier" extension is missing
X509v3 extensions:
X509v3 Subject Alternative Name:
DNS:vc.test.local
X509v3 Key Usage:
Digital Signature, Key Encipherment, Key Agreement
X509v3 Authority Key Identifier:
keyid:9E:51:8A:25:B4:F6:17:FE:23:11:F4:59:A4:0C:7B:93:73:1A:A6:1C
vCenter 7.x
vCenter 8.x
Broadcom engineering Team is aware of the issue and would be fixed in future version.
Workaround:
Navigate to vCenter UI -> Administration -> Certificate Management -> Machine SSL Certificate -> Actions -> Import and Replace Certificate -> Replace with VMCA certificate