I just got a Nessus violation on an ESXi host. The ironic thing is I only got it on one host, and in vCenter I already did Renew Certificate. It did not appear to resolve it. I looked at the certificate on the box in vCenter and it looks fine.
What is the certificate being presented by the host itself?
That's a VMCA-signed certificate and not a CA certificate, which is why it shows as not trusted. Why should that be trusted? Replace it with your Microsoft CA or any other CA to get it trusted.
Make sure to set vpxd.certmgmt.mode to custom when using custom certs.