Hmm, not the best support experience, is it? 
Thanks to the stuff in this thread, I did get it working acceptably, and having played this game for a week, I agree with you cepoon, I think the only certificate that really matters on the vCenter appliance is the first one.
In the end, I got it working like this: Deploy the vCenter appliance, add the ESXi hosts, and then - and ONLY then - replace the self-signed certificates on both the ESXi hosts and the vpxd service on the appliance. I'd massively prefer to put valid certificates everywhere before connecting anything to anything, but at least it's possible to use real certificates eventually.
I do wonder about what you say about linux being a tossed-in afterthought. vCenter is so badly implemented on there, and quite outstandingly slow to start up, it cannot have been designed for that environment. Plus, of course, the fact I found typos in a couple of the linux scripts that you're supposed to run to change certificates, that would never have got through any kind of testing - just try running the script, it throws errors!.
I wonder if the reason that it's a linux appliance is related to MS licensing as much as anything else? Hey-ho, never mind. It works (for a particularly low value of "works"), and if only it did some meaningful logging of stuff it wouldn't be that bad at all.