I have the same issue . Using default certs on the primary sso server.
When adding a second node , i got this error in vm-sso-javalib.log :
ERROR 3823[main] - com.vmware.vim.installer.core.logging.CoreLoggerImpl.error(?:?) - Could not validate the certificate, Exceptioncom.vmware.vim.sso.admin.exception.CertificateValidationException: com.vmware.vim.vmomi.core.exception.CertificateValidationException: Server certificate assertion not verified and thumbprint not matched
Any ideas ?