I have tried removing a trusted CA from the certificate store using both the workflows and the Control Center and it doesn't seem to work. The workflow runs and the item looks like it is removed from the inventory but when I refresh the screen it comes back. Same thing with the control center. If I click the x its gone from the list but when I refresh the page its back.
Same thing on my end.
Can someone from the vRO team comment on this?
This is likely caused by the newly introduced configuration/certificate replication logic in cluster mode. There is a synchronization job that, if active, will resurrects certificate when it is deleted.
This job can be disabled by the following property in /etc/vco/app-server/vmo.properties (or via Control Center -> System Properties), and restart vRO service.
com.vmware.o11n.configurator.sync=disabled
After the job is disabled, you should be able to permanently remove the certificate.
FYI, it appears that this applies to single-node implementations as well...