As it always goes, I made progress right after my last post.
After getting the error, it seems that the certificate is put in place, because if you browse to https://vcenter:7444/lookupservice/sdk, the correct certificate does appear. I then ran OpenSSL s_client to verify that the certificate is valid and this is what I got:
vCenter55:/ # openssl s_client -connect 192.168.33.128:7444 -status ### The command I ran the first time
CONNECTED(00000003)
OCSP response: no response sent
depth=1 /C=ZA/ST=Gauteng/L=Pretoria/O=company/OU=Certificate Authority/CN=company Root CA
verify error:num=19:self signed certificate in certificate chain ### Seems the appliance doesn't like the self-signed certificate
verify return:0
---
Certificate chain
0 s:/C=ZA/ST=Gauteng/O=company/OU=VMware vCenter Service Certificate/CN=vCenter55.company.co.za
i:/C=ZA/ST=Gauteng/L=Pretoria/O=company/OU=Certificate Authority/CN=company Root CA
1 s:/C=ZA/ST=Gauteng/L=Pretoria/O=company/OU=Certificate Authority/CN=company Root CA
i:/C=ZA/ST=Gauteng/L=Pretoria/O=company/OU=Certificate Authority/CN=company Root CA
---
Server certificate
-----BEGIN CERTIFICATE-----
MIID9jCCAt6gAwIBAgICAS.......FBQAwfjELMAkGA1UEBhMCWkEx
-----END CERTIFICATE-----
subject=/C=ZA/ST=Gauteng/O=company/OU=VMware vCenter Service Certificate/CN=vCenter55.company.co.za
issuer=/C=ZA/ST=Gauteng/L=Pretoria/O=company/OU=Certificate Authority/CN=company Root CA
---
No client certificate CA names sent
---
SSL handshake has read 2309 bytes and written 441 bytes
---
New, TLSv1/SSLv3, Cipher is AES256-SHA
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
Protocol : TLSv1
Cipher : AES256-SHA
Session-ID: 540771BD58058D6BD2F7C0B673A0D5740FC964C9179DC83DDA9EDA0BCAEB06C7
Session-ID-ctx:
Master-Key: 8BDD035D2FCB5645DECF21B5BB26B6C46C6A964DBD8B5E54EA4CEF1893B75E2D2C2C904E1162B808BA7BBD5CFDDEE22E
Key-Arg : None
Start Time: 1409774013
Timeout : 300 (sec)
Verify return code: 19 (self signed certificate in certificate chain) ### The return code 19, as seen above, is and error
---
vCenter55:/ # openssl s_client -connect 192.168.33.128:7444 -CApath /etc/ssl/certs ### This time I ran it while specifying the folder where my root CA is kept
CONNECTED(00000003)
depth=1 /C=ZA/ST=Gauteng/L=Pretoria/O=company/OU=Certificate Authority/CN=company Root CA
verify return:1 ### No error this time.
depth=0 /C=ZA/ST=Gauteng/O=company/OU=VMware vCenter Service Certificate/CN=vCenter55.company.co.za
verify return:1
---
Certificate chain
0 s:/C=ZA/ST=Gauteng/O=company/OU=VMware vCenter Service Certificate/CN=vCenter55.company.co.za
i:/C=ZA/ST=Gauteng/L=Pretoria/O=company/OU=Certificate Authority/CN=company Root CA
1 s:/C=ZA/ST=Gauteng/L=Pretoria/O=company/OU=Certificate Authority/CN=company Root CA
i:/C=ZA/ST=Gauteng/L=Pretoria/O=company/OU=Certificate Authority/CN=company Root CA
---
Server certificate
-----BEGIN CERTIFICATE-----
MIID9jCCAt6gAwIBAgI......wfjELMAkGA1UEBhMCWkEx
-----END CERTIFICATE-----
subject=/C=ZA/ST=Gauteng/O=company/OU=VMware vCenter Service Certificate/CN=vCenter55.company.co.za
issuer=/C=ZA/ST=Gauteng/L=Pretoria/O=company/OU=Certificate Authority/CN=company Root CA
---
No client certificate CA names sent
---
SSL handshake has read 2309 bytes and written 465 bytes
---
New, TLSv1/SSLv3, Cipher is AES256-SHA
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
Protocol : TLSv1
Cipher : AES256-SHA
Session-ID: 54077230E37AC53541373C907E213A8ED19EA02DF5EAFA47C28BF114DA3D68E1
Session-ID-ctx:
Master-Key: F8226AA2B758500D90B0137632F14752FB617E749577C7B4826CD541B1DE6D8BA8F4C3FA24CE59F734E8D5176D1F43AB
Key-Arg : None
Start Time: 1409774128
Timeout : 300 (sec)
Verify return code: 0 (ok) ### This time the cert is OK
Turning my attention to the 02-inventoryservice script...