Have a look at this https://docs.vmware.com/en/VMware-vSphere/7.0/com.vmware.vsphere.security.doc/GUID-32AD28E1-53C3-48E...
I think you want to use the Custom Certificate Authority mode for your ESXi host certificates.
- Obtain the certificates that you want to use.
- Place the host or hosts into maintenance mode and disconnect them from vCenter Server.
- Add the custom CA's root certificate to VECS.
- Deploy the custom CA certificates to each host and restart services on that host.
- Switch to Custom CA mode. See Change the Certificate Mode.
- Connect the host or hosts to the vCenter Server system.
Change the certificate Mode:
- In the vSphere Client, select the vCenter Server system that manages the hosts.
- Click Configure, and under Settings, click Advanced Settings.
- Click Edit Settings.
- Click the Filter icon in the Name column, and in the Filter box, enter vpxd.certmgmt to display only certificate management parameters.
- Change the value of vpxd.certmgmt.mode to custom if you intend to manage your own certificates, and to thumbprint if you temporarily want to use thumbprint mode, and click Save.
- Restart the vCenter Server service.
Consider giving Kudos if you think my response helped you in any way.