I've been playing with /usr/lib/vmware-vmca/bin/certificate-manager and was not able to fix this issue when trying to login into my vcenter.
Let me describe it a little bit further:
I have an SSO Appliance and a Virtual Center Server (Running on Nutanix although not relevant).
And we are decommissioning a Windows domain, so I changed the DNS settings and machines suffixes and configured authentication towards the new domain.
Authentication using the new domain was working fine but when checking the SSL certificate via browser I could see it was using the previous FQDN so I played with the certificate-manager and ended up screwing things as you can see.
I've tried option 2,4,8 (and of course I didn't take a snapshot) although if needed I can probably restore from Nutanix, this is the DR site so I don't have VMs here (besides those two appliances).
Version is 22.214.171.124200
SSO old name = srv-adl-usr-vsso.OldWinDomain.local
SSO new name = srv-adl-usr-vsso.NewWinDomain.local
VCenter old name =srv-adl-usr-vcs.OldWinDomain.local
VCenter new name =srv-adl-usr-vcs.NewWinDomain.local
On /var/log/vmware/vsphere-client/logs/vsphere_client_virgo.log I can see those error messages
Caused by: javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No subject alternative DNS name matching srv-adl-usr-vsso.OldWinDomain.local found.
Caused by: java.security.cert.CertificateException: No subject alternative DNS name matching srv-adl-usr-vsso.OldWinDomain.local found.
Caused by: com.vmware.vim.sso.client.exception.ServerCommunicationException: Error communicating to the remote server https://srv-adl-usr-vsso.OldWinDomain.local/sts/STSService/vsphere.local
I can ping the server using the new FQDN though.
I got a call from VMWare, they said you cannot rename the appliance suffix, this is considered as renaming the appliance, which is not supported.