Nessus vulnerability scan reports "Plugin ID 51192 SSL Certificate Cannot be Trusted" for vSphere ESXi server

Article ID: 393343

Updated On: 04-06-2025

Products

VMware vSphere ESXi

Issue/Introduction

The Nessus vulnerability scan report for the ESXi host flags "Plugin ID 51192 SSL Certificate Cannot be Trusted".

Plugin 51192 will have output similar to "The following certificate was at the top of the certificate chain sent by the remote host, but it is signed by an unknown certificate authority"

Environment

vSphere ESXi 7.x

vSphere ESXi 8.x

Cause

This usually happens because the certificate at the top of the certificate chain is signed by an unknown certificate authority: the Certificate Authority that signed the ESXi host certificate is unknown to Nessus.

Resolution

When the ESXi host is using self-signed certificates, you can safely ignore the scan results and apply for whitelisting until the ESXi host certificate is refreshed with the respective VC name and is valid.

If you want no servers listed in the scan, you also need to replace the host certificates with trusted, CA-signed ones.

The company should either generate a CSR, have the certificate signed by a CA they trust (either their Enterprise CA or a Public CA), and apply it so that the hosts run with trusted, CA-signed certificates, or download the ESXi certificate using a browser and import it into Nessus and any other software that is used for the scan.
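
The trust decision behind the two options above, as an added example that is not part of the original article: it builds a throwaway PKI and checks each host certificate against a list of trust anchors. The CA name, the hostname esxi01.example.test and all file names are constructed, and openssl verify stands in here for the scanner's own chain check.

```shell
#!/bin/sh
# Added example: constructed throwaway PKI, not real ESXi or Nessus material.
# For a real host, export its certificate to a PEM file and pass it to check_trust.

# make_demo_pki DIR: create a CA, a self-signed host cert, and a CA-signed host cert.
make_demo_pki() {
    d=$1
    # Stand-in for the Enterprise or Public CA that the scanner already trusts.
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=Constructed Enterprise CA" \
        -keyout "$d/ca.key" -out "$d/ca.pem" 2>/dev/null
    # Self-signed host certificate: it is its own issuer, so no CA vouches for it.
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=esxi01.example.test" \
        -keyout "$d/self.key" -out "$d/self.pem" 2>/dev/null
    # Option 1: generate a CSR for the host and have the CA sign it.
    openssl req -newkey rsa:2048 -nodes \
        -subj "/CN=esxi01.example.test" \
        -keyout "$d/host.key" -out "$d/host.csr" 2>/dev/null
    openssl x509 -req -in "$d/host.csr" -days 1 \
        -CA "$d/ca.pem" -CAkey "$d/ca.key" -CAcreateserial \
        -out "$d/host.pem" 2>/dev/null
}

# check_trust CERT ANCHORS: print "trusted" if CERT chains to a cert in ANCHORS.
check_trust() {
    if openssl verify -CAfile "$2" "$1" >/dev/null 2>&1; then
        echo trusted
    else
        echo untrusted
    fi
}

DEMO_DIR=$(mktemp -d)
make_demo_pki "$DEMO_DIR"

# Self-signed cert against the CA list: the condition plugin 51192 reports.
echo "self-signed, CA list only:  $(check_trust "$DEMO_DIR/self.pem" "$DEMO_DIR/ca.pem")"
# Option 1: host now presents a certificate signed by the known CA.
echo "CA-signed, CA list only:    $(check_trust "$DEMO_DIR/host.pem" "$DEMO_DIR/ca.pem")"
# Option 2: the self-signed cert itself is imported as a trust anchor.
echo "self-signed, cert imported: $(check_trust "$DEMO_DIR/self.pem" "$DEMO_DIR/self.pem")"
```

With the second option the imported anchor matches only that exact certificate, so a host whose self-signed certificate is regenerated will be flagged again until the new certificate is imported.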