I have had some customers with a problem that they can’ add ESXi hosts to a vCenter after upgrading to 6.7 Update 3/3a, I have not check 3b.
When trying to add the host to the vCenter they get this error:
A general system error occurred: Unable to push CA certificates and CRLs to host <hostname/IP>
All the customer that I have see this problem at, has all changed away from the default Certificte i the vCenter, ether they are using certificate from a CA authority og just change them on the vCenter. But that might be a coincidence, it might also be because the vCenter i upgraded.
Something has changed with the vCenter in 6.7 update 3, regarding have it creates the ESXi host certificate, or pushes certificates out to the hosts.
The solution is to change an advanced setting on the vCenter; vCenter -> Configure -> Settings -> Advanced Settings:
vpxd.certmgmt.mode = thumbprint
This may also affect other operation on the ESXi hosts, I have not checked, but I think that it also means that you can not push new certifices to hosts, already added, and maybe also other things.
I hop that VMware will create an KB on this, and even better fix this issue.