There are no clear instructions on how to replace the self-signed SSL certificates in VSC, with CA-signed ones. I'm using VSC for vSphere 6.2P1, with a Linux-based VCSA and ESXi versions 6.0U2. Also, cDOT NAS datastores, running 8.2.4P2.
Having installed the CA certificate, VSC SEEMS to work, SHA1 and all. However, it's a lurking problem. VSC can send mail about issues. Those emails end in a note that says: You can view the log entries at https://[fe80:0:0:0:0:5efe:a16:879%net3]:8043/smvi/logViewer?id=backup_All-VMs_20160519212800.
1) I'm not sure why, but it's giving an IPv6 address. Is there a place to change this? I have to manually rewrite it to a hostname based on my own knowledge of the windows box's name. 2) The SSL cert on port 8043 is NOT the replaced one, it's a self-signed one. Even if VSC is willing to accept talking over insecure connections from plugin to software, web browsers aren't happy with them.
So, summarizing: 1) VSC uses SHA1 certs. This is a bug. 2) VSC has no clear documentation of how to replace SSL certs for port 8143 with CA-signed ones in the 6.x world; the 4.x instructions APPEAR to work, but, this is a guess. 3) VSC has no documentation of how to replace SSL certs for port 8043 with CA-signed ones in the 6.x world. 4) SMVI mails have an IPv6 hostname, but no clear way to change it.