Just some more information about where the issue seems to be. None of the below made a difference but I add it for the record.
Going through the 02-inventoryservice script, it reaches a point where it calls the vi_regtool, which is a Java application. When you get the message "Initializing registration provider" and "Getting SSL certificates for https://...", it is within in this Java application. More precisely, it is when it runs the command 'exec -a vi_regtool $JAVA_BIN "$LOG4J_CONF" $JAVA_OPTS -jar "$VI_REGTOOL_JAR" "$@"'.
Since Java has its own certificate store, I added my self-signed certificate into the Java cacerts store. I even created an intermediate CA to sign the server certs with and added this cert into the store too. On vCSA the Java JRE home is at /usr/java/jre-vmware. To add the CA to the Java store, run this command while withing the JRE HOME folder: bin/keytool -import -trustcacerts -alias MyRootCA -file RootCA.crt -keystore lib/security/cacerts. This adds the cert successfully, and even after rebooting the appliance, I still cannot run 02-inventoryservice to completion.
I get: server certificate assertion not verified and thumbprint not matched.
Return code is: SSLHandshakeFailed.
Andre