good day. My name is Dmitry. I use Vcenter 6.7 c VCSA. The original certificate that was signed from a single MS CA certificate authority expires.
A new PKI infrastructure is installed (isolated root CA-Issuer Enterprise-when installing Issuer and creating a new key, the use 4096 bit+SHA256 option was selected). Now you need to issue a certificate chain (VCSA cert+Subordinate Cer+RootCert).
I tried several ways to install an SSL certificate in VCSA + according to your article and for some reason I always get this error:

Please provide valid custom certificate for Machine SSL.
File : /tmp/vmca_issued_csr.cer

Please provide valid custom key for Machine SSL.
File : /tmp/vmca_issued_key.key

Please provide the signing certificate of the Machine SSL certificate
File : /tmp/PS-CA.cer

You are going to replace Machine SSL cert using custom cert
Continue operation : Option[Y/N] ? : Y
Command Output: /tmp/vmca_issued_csr.cer: OK

Get site nameCompleted [Replacing Machine SSL Cert...]
default-site
Lookup all services
Get service default-site:0f1ea8f1-f266-4a95-9f3b-a6c7c09af1e9
Update service default-site:0f1ea8f1-f266-4a95-9f3b-a6c7c09af1e9; spec: /tmp/svcspec_mepyimhx
Status : 0% Completed [Operation failed, performing automatic rollback]

Error while replacing Machine SSL Cert, please see /var/log/vmware/vmcad/certificate-manager.log for more information.

Performing rollback of Machine SSL Cert...
Get site nameus : 0% Completed [Rollback Machine SSL Cert...]
default-site
Lookup all services
Get service default-site:0f1ea8f1-f266-4a95-9f3b-a6c7c09af1e9
Update service default-site:0f1ea8f1-f266-4a95-9f3b-a6c7c09af1e9; spec: /tmp/svcspec_pqw9xdyk