I have a strange problem that I have been working on all day and just don't know what else to do.

I migrated my internal CA to 2016 server which required me to update my certs for vSphere.  I went though the steps and thought all was good until I tried to SSH into the VMCA.  I kept getting Access Denied errors when logging in with the root account.  It eventually locked the account and found steps to unlock it and I even tried resetting the password.

Now here is what is strange.  All of my hosts and vCenter show the correct certificate in my browser.  Even the PSC URL is good (https://vmca.domain.com/psc).  I am able to login all fine and dandy.  However, if I go to https://vmca.domain.com:5480 it shows the certificate from my old 2012 CA which is no longer online and I cannot login.  But if I go to https://vmca:5480 I can login but the certificate is still wrong.

I also cannot access the VMCA with WinSCP, keeps giving me authentication errors.  I cannot SSH into it with my root account, just keeps saying Access Denied.  I can SSH with my administrator@vsphere.local account but I can't do a whole lot.

So what I want to do is reset everything back to self-signed certs and go through the process again but cannot get anywhere.  Hoping someone has some ideas for me to try.  Any help would be appreciated.

Thanks.