Further to this post...

Configuring VMware vSphere 6.0 VMware Certificate Authority as a subordinate Certificate Authority

     ...we have now installed a brand new VCSA. It's a clean installation.

As per support recommendation, I am now trying to do 'Option 1: Replace Machine SSL certificate with Custom Certificate' using a Microsoft CA

This is the error message:

2016-07-13T15:24:25.268Z INFO certificate-manager Serial number before replacement: <redacted>

2016-07-13T15:24:25.268Z INFO certificate-manager Serial number after replacement: <redacted>

2016-07-13T15:24:25.268Z INFO certificate-manager Thumbprint before replacement:<redacted>

2016-07-13T15:24:25.268Z INFO certificate-manager Thumbprint after replacement:<redacted>

2016-07-13T15:24:25.268Z INFO certificate-manager MACHINE_SSL_CERT certificate replaced successfully. SerialNumber and Thumbprint changed.

2016-07-13T15:24:44.90Z ERROR certificate-manager Error while replacing Machine SSL Cert, please see /var/log/vmware/vmcad/certificate-manager.log for more information.

2016-07-13T15:24:44.91Z ERROR certificate-manager 'lstool reregister' failed: 1

A support case is pending. But if anyone has any ideas?

<rant>

It is incredibly frustrating that something (replacing an SSL certificate) that ought to be so simple is so difficult.

It is immensely annoying to know that the certificate manager is capable of completely trashing a VCSA.

How are VMware justified in marketing this new ver.6 appraoch as a "simplification" of SSL certificate management?

</end of rant>

thanks

Robert