The articles provides instruction to obtain and import  a VMware-installed self-signed Certificate for vCenter Server to each controller.

Instructions

Obtain and import a certificate

To protect vSphere communications, Citrix recommends that you use HTTPS rather than HTTP. HTTPS requires digital certificates. Citrix recommends you use a digital certificate issued from a certificate authority in accordance with your organization's security policy.

1. Add the fully qualified domain name (FQDN) of the computer running vCenter Server to the hosts file on that server, located at %SystemRoot%/WINDOWS/system32/Drivers/etc/. This step is required only if the FQDN of the computer running vCenter Server is not already present in the domain name system.
2. Obtain the vCenter certificate using any of the following methods:
   • From the vCenter server:
     1. Copy the file rui.crt from the vCenter server to a location accessible on your Delivery Controllers.
     2. On the Controller, navigate to the location of the exported certificate and open the rui.crt file.
   • Download the certificate using a web browser. If you are using Internet Explorer, depending on your user account, you may need to right-click on Internet Explorer and choose Run as Administrator to download or install the certificate.
     1. Open your web browser and make a secure web connection to the vCenter server; for example https://server1.domain1.com
     2. Accept the security warnings.
     3. Click on the address bar where it shows the certificate error.
     4. View the certificate and click on the Details tab.
     5. Select Copy to file and export in .CER format, providing a name when prompted to do so.
     6. Save the exported certificate.
     7. Navigate to the location of the exported certificate and open the .CER file.
   • Import directly from Internet Explorer running as an administrator:
     1. Open your web browser and make a secure web connection to the vCenter server; for example https://server1.domain1.com.
     2. Accept the security warnings.
     3. Click on the address bar where it shows the certificate error.
     4. View the certificate.
   • Import the certificate into the certificate store on each of your Controllers:
     1. Click Install certificate, select Local Machine, and then click Next.
     2. Select Place all certificates in the following store, and then click Browse.
     3. If you are using Windows Server 2008 R2:
        1. Select the Show physical stores check box.
        2. Expand Trusted People.
        3. Select Local Computer.
        4. Click Next, then click Finish.
        If you are using Windows Server 2012 or Windows Server 2012 R2:
        1. Select Trusted People, then click OK.
        2. Click Next, then click Finish.
   Important: If you change the name of the vSphere server after installation, you must generate a new self-signed certificate on that server before importing the new certificate.

https://docs.citrix.com/en-us/xenapp-and-xendesktop/7-6-long-term-service-release/xad-build-new-enviroment/xad-install-prep-host-vmware.html

https://docs.citrix.com/en-us/citrix-virtual-apps-desktops/install-configure/install-prepare/vmware.html