Replacing the vCenter machine SSL certificate using the vSphere Client causes a "[CERTIFICATE] Replace cert Failed: Exception found" error message

Article ID: 400887

Updated On:

Products

VMware vSphere ESXi

Issue/Introduction

When attempting to replace the vCenter machine SSL certificate with a new custom certificate through the vSphere Client using the steps in the linked documentation below, the following error is received:

[CERTIFICATE] Replace cert Failed: Exception found (Invalid private Key :Illegal object in getInstance: org.bouncycastle.asn1.DLSequence)

 

Add Custom Certificates Using the vSphere Client

Environment

vCenter 8.x

Cause

Applying a new custom machine SSL certificate to a vCenter Server through the vSphere Client GUI also requires the certificate signing request (CSR) to be generated from the vSphere Client. If a different CSR is used, such as one generated by the Certificate Manager, the replacement of the machine SSL certificate will fail.

Resolution

To apply a new custom machine SSL certificate to a vCenter Server using the vSphere Client, please follow the steps detailed in the following documentation:

Generate Certificate Signing Request for Machine SSL Certificate Using the vSphere Client (Custom Certificates)

Add Custom Certificates Using the vSphere Client
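
A pre-upload check for the requirement above, given as an added example rather than VMware code: it confirms that the certificate returned by the CA carries the same public key as the CSR exported from the vSphere Client. The function names, file names and the generated sample files are assumptions made for illustration; it needs only the openssl command line.

```shell
#!/bin/sh
# Added example (not VMware code): confirm an issued certificate was signed
# from a specific CSR by comparing the public keys both files carry.

# Print the SHA-256 of the PEM public key in a CSR ("csr") or certificate ("cert").
pubkey_fp() {
    case "$1" in
        csr)  pem=$(openssl req  -in "$2" -noout -pubkey 2>/dev/null) ;;
        cert) pem=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) ;;
        *)    return 2 ;;
    esac || return 1
    [ -n "$pem" ] || return 1
    printf '%s\n' "$pem" | openssl dgst -sha256 -r | cut -d' ' -f1
}

# Exit 0 if certificate $2 carries the public key of CSR $1, 1 if not,
# 2 if either file cannot be parsed.
cert_matches_csr() {
    csr_fp=$(pubkey_fp csr "$1")  || { echo "cannot parse CSR: $1" >&2; return 2; }
    crt_fp=$(pubkey_fp cert "$2") || { echo "cannot parse certificate: $2" >&2; return 2; }
    [ "$csr_fp" = "$crt_fp" ]
}

# Constructed sample input: one CSR, a certificate issued from it, and a
# certificate for an unrelated key (stand-in for a cert from a different CSR).
make_samples() {
    d=$1
    openssl req -new -newkey rsa:2048 -nodes -keyout "$d/a.key" -out "$d/a.csr" \
        -subj "/CN=vcenter.example.test" 2>/dev/null &&
    openssl x509 -req -in "$d/a.csr" -signkey "$d/a.key" -days 1 \
        -out "$d/from_a.crt" 2>/dev/null &&
    openssl req -x509 -newkey rsa:2048 -nodes -keyout "$d/b.key" -days 1 \
        -out "$d/from_b.crt" -subj "/CN=vcenter.example.test" 2>/dev/null
}

tmp=$(mktemp -d) && make_samples "$tmp"
for crt in from_a.crt from_b.crt; do
    if cert_matches_csr "$tmp/a.csr" "$tmp/$crt"; then
        echo "$crt: public key matches a.csr"
    else
        echo "$crt: does NOT match a.csr, request a certificate for the vSphere Client CSR"
    fi
done
rm -rf "$tmp"
```

A match shows only that the certificate belongs to the CSR you supplied; the CSR itself still has to be the one generated in the vSphere Client.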

 

Additional methods can also be used to renew or replace the machine SSL certificate on a vCenter Server: