If using the default VMCA certificates is chosen, then the root certificate should be retrieved and deployed as a trusted root certificate. While this is not a requirement, the annoying untrusted security notices would always appear when accessing the vSphere Web Client if not done. This is seen in the following screenshot:

This is a multistep process that will include retrieving the root certificate from vCenter Server, converting it to a .cer format, and then deploying it as a trusted root certificate. Typically, the easiest way to do this is by using Group Policy.

To begin this process: