Certificate Authority only supports RSA 2048‑bit keys

Article ID: 434512


Updated On:

Products

VMware vCenter Server

Issue/Introduction

When using a custom certificate for vCenter's Machine SSL certificate, the Certificate Signing Request (CSR) cannot be signed by the Certificate Authority.

Possible error from the CA: "The Submitted P10 is being rejected because it contains one or more unsupported cryptographic algorithms. Please revise the P10 submission and ensure the following: 1. If the P10 is for RSA key, the key size is 2048 bits and that the P10 is signed using SHA-256 hashing algorithm. 2. If the P10 is for Elliptic Curve key, make sure that the curve used is P384 and the P10 is signed using SHA-384 hashing algorithm".

Environment

VMware vCenter Server 8.x

Cause

When generating CSRs, vCenter Server uses a default of 3072-bit keys. Some Certificate Authorities may not accept this default. 

Resolution

Run this command to generate a custom CSR using a key size of 2048 bits:

    openssl req -newkey rsa:2048 -keyout private.key -out vcenter-name.csr

Submit the generated CSR to the Certificate Authority.
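Before submitting, the CSR can be checked locally against the two combinations named in the CA error message above (RSA 2048 with SHA-256, or EC P-384 with SHA-384). The script below is an added example, not part of the original article or of vCenter; the function name csr_meets_ca_policy and its exit codes are this example's own, and it assumes the openssl command-line tool is installed.

```sh
#!/bin/sh
# Added example: check a PKCS#10 CSR against the CA policy quoted in the
# error message. Function name and exit codes are this example's own.
# Returns 0 if accepted by that policy, 1 if not, 2 if the file is not a CSR.

csr_meets_ca_policy() {
    csr=$1

    # Decode the request to text; fails if the file is not a valid CSR.
    text=$(openssl req -in "$csr" -noout -text 2>/dev/null) || {
        echo "cannot parse CSR: $csr" >&2
        return 2
    }

    # Pull out the fields the CA policy is written against.
    pubalg=$(printf '%s\n' "$text" |
        sed -n 's/^ *Public Key Algorithm: *\([^ ]*\).*$/\1/p' | head -n 1)
    sigalg=$(printf '%s\n' "$text" |
        sed -n 's/^ *Signature Algorithm: *\([^ ]*\).*$/\1/p' | head -n 1)
    bits=$(printf '%s\n' "$text" |
        sed -n 's/^.*Public-Key: (\([0-9]*\) bit).*$/\1/p' | head -n 1)

    ok=no
    case "$pubalg" in
        rsaEncryption)
            # Rule 1: RSA key of exactly 2048 bits, signed with SHA-256.
            if [ "$bits" = 2048 ] && [ "$sigalg" = sha256WithRSAEncryption ]; then
                ok=yes
            fi ;;
        id-ecPublicKey)
            # Rule 2: EC key on curve P-384 (secp384r1), signed with SHA-384.
            if printf '%s\n' "$text" | grep -q 'ASN1 OID: secp384r1' &&
               [ "$sigalg" = ecdsa-with-SHA384 ]; then
                ok=yes
            fi ;;
    esac

    echo "$csr: key=$pubalg bits=$bits sig=$sigalg accepted=$ok"
    [ "$ok" = yes ]
}

# Stand-alone use: sh check-csr.sh vcenter-name.csr
if [ "$#" -ge 1 ] && [ -f "$1" ]; then
    csr_meets_ca_policy "$1"
fi
```

A CSR generated by vCenter with its default 3072-bit key is reported as accepted=no, while the one produced by the command in the Resolution passes the RSA rule when openssl signs it with its default SHA-256 digest.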