I downloaded and loaded the root VMCA certificate into my system's certificate store today and trusted it. Now going to my vsphere web client and the vcenter server management portal presents no certificate warnings in Chrome. While I don't love using non root verified certs like this, I'd be ok if it at least worked for my ESXi hosts as well. Unfortunately it's provisioning certificates for more than 13 months for the ESXi hosts causing a certificate valid too long error. So far I haven't found a way to change that time frame. 

If that isn't possible then I'd like to manage all my certificates manually, I only have 3 hosts + vCenter so it's not too much to handle and I have a 3rd party CA already. I set the vpxd.certmgmt.mode in my vSphere to custom and rebooted my vSphere and an ESXi host but I'm still getting the message "This host's certificates are being managed by vCenter Server, you cannot configure them using the Host Client."