When running vSphere 6.5 deployments in default (recommended) mode, VMware Certificate Authority is its own root certificate authority. Everything fine and secure with this configuration, but your browser displays a warning because the root certificate is not trusted.
I made a little script (VBS) that pulls the CA certificate from a vCenter Server or Platform Services Controller and adds it to the local trusted root certificates store. When the root CA is trusted, browser warnings are gone.