When attempting to add a host to vCenter, the operation fails with the following errors:
“A general system error occurred: unable to push CA certificates and CRLs to host.”
“Could not connect to the host due to unspecified condition.”
However, adding the host using "thumbprint" mode completes successfully. Relevant logs for this issue are found in:
/var/log/vmware/vpxd/vpxd.log
YYYY-MM-DDTHH:MM:SS info vpxd[221719] [Originator@6876 sub-Main] [VpxdMain] Setting OpenSSL verify locations CAFile= CAPath=/etc/ssl/certs
YYYY-MM-DDTHH:MM:SS info vpxd[221719] [Originator@6876 sub=Default] Creating SSL Contexts
YYYY-MM-DDTHH:MM:SS warning vpxd[221719] [Originator@6876 sub=VpxProfiler] Init [Vpx: :Common: : Sso: : SsoFactory_CreateFacade ( sslContext, ssoFacadeConstPtr) ] took 6 ms
YYYY-MM-DDTHH:MM:SS info vpxd[221719] [Originator@6076 sub-CryptoManagerAWS] Curl#ttpClient Initializing Curl library with version: 8.1.2, ssl version: OpenSSL/3.0.7
YYYY-MM-DDTHH:MM:SS error vpxd[] [Originator@6876 aub=vpxCrypt] [VpxPublicKey: : VpxPublicKey (const std: : string&)] openssl error:[VpxPublicKey: :VpxPublicKey) error in BIO_read filename ()
YYYY-MM-DDTHH:MM:SS error vpxd[] [Originator@6876 sub=vpxCrypt] [VpxPublicKey: : VpxPublicKey (const std: : string&)] openssl error:[VpxPublicKey: :VpxPublicKey] error in BIO_read_filename ()
The issue is caused by a corrupted vpxd.cfg configuration file. As a result, /etc/ssl/certs is not recognized as the CA path whose certificates are pushed to the ESXi host.
1) Recreate the corrupted or empty vpxd.cfg file by following the instructions provided in the Broadcom Knowledge Base: Recreate corrupt/empty vpxd.cfg file – Broadcom KB
2) Restart the vpxd service to apply the changes.
3) Reattempt adding the host to vCenter. The process should now complete successfully.
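
To confirm that a system shows the log signature and config file state described above, before and after the fix, the following triage script can be used. It is an added example, not VMware or Broadcom code. Assumptions: both file paths are supplied by the operator as arguments, vpxd.cfg is treated as an XML document (so a last non-blank line without a closing tag is reported as truncated), and the function names are hypothetical.

```shell
#!/bin/sh
# Added triage example (not vendor code). Usage: script VPXD_LOG VPXD_CFG

# Succeeds when the log holds the OpenSSL failure quoted in the article:
# an "error" entry from VpxPublicKey that mentions BIO_read.
has_bio_read_error() {
    grep -E 'error vpxd\[.*VpxPublicKey.*error in BIO_read' "$1" >/dev/null 2>&1
}

# Prints missing | empty | truncated | present for the config file.
# Assumption: the file is XML, so its last non-blank line closes a tag.
cfg_state() {
    if [ ! -e "$1" ]; then echo missing; return; fi
    if [ ! -s "$1" ]; then echo empty; return; fi
    last=$(grep -v '^[[:space:]]*$' "$1" | tail -n 1)
    case "$last" in
        *'</'*'>'*) echo present ;;
        *)          echo truncated ;;
    esac
}

# Combines both checks into one verdict string.
triage() {
    state=$(cfg_state "$2")
    if has_bio_read_error "$1"; then
        if [ "$state" = present ]; then
            echo "log-error-only"      # error logged, config looks intact
        else
            echo "match:$state"        # matches the condition in this article
        fi
    else
        echo "no-signature:$state"     # look for a different cause
    fi
}

# Self-contained run on constructed sample data (not real vCenter output).
demo() {
    d=$(mktemp -d)
    echo 'YYYY-MM-DDTHH:MM:SS error vpxd[] [Originator@6876 sub=vpxCrypt] [VpxPublicKey::VpxPublicKey] error in BIO_read_filename ()' > "$d/vpxd.log"
    : > "$d/vpxd.cfg"                  # constructed empty config file
    triage "$d/vpxd.log" "$d/vpxd.cfg"
    rm -rf "$d"
}

if [ "$#" -eq 2 ]; then triage "$1" "$2"; fi
```

A `match:` verdict before the fix and `no-signature:present` on a log captured after restarting vpxd is the expected progression.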