The TMC-SM for VCD tech preview only has support for CSE 4.0.3. This is the cause of the initial error you had.
The tech preview utilizes an unreleased build of the UI which allows you to inject trusted certificates into the cluster. CSE 4.1 is the first release which allows you to specify certificates to be trusted by the bootstrap VM or cluster. As you've identified, these certificates are now specified at the provider level. This behavior is closer to what the experience will be like when TMC-SM for VCD is released.
