Using Mixed SHA3-ECDSA and SHA2-RSA Certificate Chains in VMware vCenter


Article ID: 420663


Updated On:

Products

VMware vSphere ESXi
VMware vCenter Server

Issue/Introduction

This article addresses whether a certificate chain that combines different cryptographic algorithms (specifically, a Root CA using SHA3-ECDSA and an Intermediate CA using SHA2-RSA) is supported when the Intermediate CA is used to sign certificates for VMware vSphere deployments.

Environment

VMware vCenter Server

Resolution

vSphere does not support certificate chains that contain ECDSA-based CAs.

The Machine SSL certificate and its entire certificate chain, including intermediate and root CAs, must use RSA algorithms only.

Note: vSphere deploys only RSA certificates for server authentication and does not support generating ECDSA certificates. vSphere can, however, verify ECDSA certificates presented by other servers. For example, if vSphere connects to a syslog server and the syslog server has an ECDSA certificate, vSphere supports verifying that certificate.
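The following pre-flight check is an added example and is not part of this article or of any VMware tooling. It walks a PEM bundle (leaf first, as the Machine SSL chain is normally assembled), reads each certificate's signatureAlgorithm OID and SubjectPublicKeyInfo key OID with a minimal DER reader from the Python standard library, and flags any certificate whose signature or key is not RSA, which is the condition the Resolution above describes. The OID table covers only common algorithms and is an assumption; the make_skeleton_pem helper builds constructed, structurally valid but unsigned certificate placeholders purely so the check can be exercised offline, and it is not a substitute for a real chain exported from your CA.

```python
"""Report the signature algorithm and key type of every certificate in a
PEM chain and flag anything that is not RSA (added example, not VMware code)."""
import base64
import re

# Signature AlgorithmIdentifier OIDs -> (family, name). Assumed table of common values.
SIG_OIDS = {
    "1.2.840.113549.1.1.5": ("RSA", "sha1WithRSAEncryption"),   # weak digest
    "1.2.840.113549.1.1.11": ("RSA", "sha256WithRSAEncryption"),
    "1.2.840.113549.1.1.12": ("RSA", "sha384WithRSAEncryption"),
    "1.2.840.113549.1.1.13": ("RSA", "sha512WithRSAEncryption"),
    "2.16.840.1.101.3.4.3.14": ("RSA", "sha3-256WithRSAEncryption"),
    "2.16.840.1.101.3.4.3.15": ("RSA", "sha3-384WithRSAEncryption"),
    "2.16.840.1.101.3.4.3.16": ("RSA", "sha3-512WithRSAEncryption"),
    "1.2.840.10045.4.3.2": ("ECDSA", "ecdsa-with-SHA256"),
    "1.2.840.10045.4.3.3": ("ECDSA", "ecdsa-with-SHA384"),
    "1.2.840.10045.4.3.4": ("ECDSA", "ecdsa-with-SHA512"),
    "2.16.840.1.101.3.4.3.10": ("ECDSA", "ecdsa-with-SHA3-256"),
    "2.16.840.1.101.3.4.3.11": ("ECDSA", "ecdsa-with-SHA3-384"),
    "2.16.840.1.101.3.4.3.12": ("ECDSA", "ecdsa-with-SHA3-512"),
}
# SubjectPublicKeyInfo algorithm OIDs -> key type
KEY_OIDS = {"1.2.840.113549.1.1.1": "RSA", "1.2.840.10045.2.1": "EC"}
PEM_RE = re.compile(r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)


def _tlv(buf, pos):
    """Read one DER TLV at pos; return (tag, value_start, value_end, next_pos)."""
    tag, pos = buf[pos], pos + 1
    length, pos = buf[pos], pos + 1
    if length & 0x80:                      # long-form length
        nbytes = length & 0x7F
        length = int.from_bytes(buf[pos:pos + nbytes], "big")
        pos += nbytes
    return tag, pos, pos + length, pos + length


def _children(buf, start, end):
    """Yield (tag, value_start, value_end) for each TLV inside a constructed value."""
    while start < end:
        tag, vs, ve, start = _tlv(buf, start)
        yield tag, vs, ve


def _decode_oid(raw):
    arcs, value = [raw[0] // 40, raw[0] % 40], 0
    for b in raw[1:]:
        value = (value << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(value)
            value = 0
    return ".".join(map(str, arcs))


def _oid_in(buf, seq):
    """First element of an AlgorithmIdentifier SEQUENCE is the algorithm OID."""
    tag, vs, ve = next(_children(buf, seq[1], seq[2]))
    if tag != 0x06:
        raise ValueError("expected OID in AlgorithmIdentifier")
    return _decode_oid(buf[vs:ve])


def parse_certificate(der):
    """Return (signature OID, subject key OID) without verifying anything."""
    tag, cs, ce, _ = _tlv(der, 0)
    if tag != 0x30:
        raise ValueError("Certificate is not a SEQUENCE")
    tbs, sig_alg, _sig_value = list(_children(der, cs, ce))[:3]
    # tbsCertificate: [0] version?, serial, signature, issuer, validity, subject, spki
    fields = list(_children(der, tbs[1], tbs[2]))
    if fields[0][0] == 0xA0:               # optional explicit version tag
        fields = fields[1:]
    spki_alg = next(_children(der, fields[5][1], fields[5][2]))
    return _oid_in(der, sig_alg), _oid_in(der, spki_alg)


def check_chain(pem_text):
    """One report entry per PEM certificate; ok means RSA signature and RSA key."""
    report = []
    for i, m in enumerate(PEM_RE.findall(pem_text)):
        sig_oid, key_oid = parse_certificate(base64.b64decode("".join(m.split())))
        family, name = SIG_OIDS.get(sig_oid, ("UNKNOWN", sig_oid))
        key = KEY_OIDS.get(key_oid, "UNKNOWN")
        report.append({"index": i, "signature": name, "signature_family": family,
                       "key_type": key, "ok": family == "RSA" and key == "RSA"})
    return report


def chain_is_rsa_only(pem_text):
    entries = check_chain(pem_text)
    return bool(entries) and all(e["ok"] for e in entries)


def _der(tag, content):
    n = len(content)
    lb = bytes([n]) if n < 0x80 else (lambda b: bytes([0x80 | len(b)]) + b)(
        n.to_bytes((n.bit_length() + 7) // 8, "big"))
    return bytes([tag]) + lb + content


def _encode_oid(dotted):
    arcs = [int(a) for a in dotted.split(".")]
    out = bytes([arcs[0] * 40 + arcs[1]])
    for a in arcs[2:]:
        chunk = [a & 0x7F]
        a >>= 7
        while a:
            chunk.insert(0, (a & 0x7F) | 0x80)
            a >>= 7
        out += bytes(chunk)
    return out


def make_skeleton_pem(sig_oid, key_oid="1.2.840.113549.1.1.1"):
    """Constructed test input: structurally valid Certificate DER with empty
    placeholder fields, no real key and no real signature (never trust-usable)."""
    alg = lambda oid: _der(0x30, _der(0x06, _encode_oid(oid)) + b"\x05\x00")
    empty = _der(0x30, b"")                # placeholder issuer/validity/subject
    spki = _der(0x30, alg(key_oid) + _der(0x03, b"\x00"))
    tbs = _der(0x30, _der(0x02, b"\x01") + alg(sig_oid) + empty * 3 + spki)
    cert = _der(0x30, tbs + alg(sig_oid) + _der(0x03, b"\x00"))
    b64 = base64.b64encode(cert).decode()
    return f"-----BEGIN CERTIFICATE-----\n{b64}\n-----END CERTIFICATE-----\n"


if __name__ == "__main__":
    # The scenario from the article: SHA2-RSA leaf and intermediate under a SHA3-ECDSA root.
    chain = (make_skeleton_pem("1.2.840.113549.1.1.11")
             + make_skeleton_pem("1.2.840.113549.1.1.12")
             + make_skeleton_pem("2.16.840.1.101.3.4.3.10", "1.2.840.10045.2.1"))
    for entry in check_chain(chain):
        print(entry)
    print("RSA-only chain:", chain_is_rsa_only(chain))
```

Run it against a real bundle with `check_chain(open("chain.pem").read())`; an entry with `ok: False` identifies the certificate that would make vCenter reject the replacement. Because the root's self-signature is made with its own key, an ECDSA root shows up both as an ECDSA signature and as an EC key, while an EC leaf issued by an RSA CA is caught only by the key-type column, which is why both are checked.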

Additional Information

Documentation:

- vSphere Certificate Requirements for Different Solution Paths
- "Provided certificate using the weak signature algorithm. Please provide the strong signature algorithm certificate": Certificate Replacement on vCenter Server 8.0 Fails with Weak Signature Algorithm Error Message
- Importing custom SSL certificates into vCenter fails with an error "Certificate uses unsupported signature algorithm - ecdsa-with-SHA256"