I can see that your certificate is on the TRUSTED_ROOT store, could you please confirm me if when you followed this procedure did you edited the certool.cfg: Generate a New STS Signing Certificate on a vCenter Windows Installation
I am asking this because you are using the default values:
X509v3 Subject Alternative Name:
email:email@acme.com, IP Address:127.0.0.1
Or are these values from the old certficate?
