This looks like the doc you need. Start at page 130
http://pubs.vmware.com/vsphere-55/topic/com.vmware.ICbase/PDF/vsphere-esxi-vcenter-server-55-security-guide.pdf
Looks like mostly TCP 443, 9443, 9090, 902 but there is a whole table on pg 132
I think this is the part you were asking about:
Connecting Through vCenter Server with the vSphere Client
When you are connecting with the vSphere Client, the required ports depend on whether you connect directly to the ESXi host or you connect to a vCenter Server system.
Port 443
Port 443 connects clients such as the vSphere Web Services SDK to ESXi
through the Tomcat Web service or the SDK. The host process multiplexes
port 443 data to the appropriate recipient for processing.
When the vSphere SDK is connected directly to ESXi, it can use this port to
support any management functions related to the host and its virtual
machines. Port 443 is the port that clients such as the vSphere SDK assume is
available when sending data to ESXi. VMware does not support configuring
a different port for these connections.
Port 902
This is the port that vCenter Server assumes is available for receiving data
from ESXi.
Port 902 connects vCenter Server to the host through the VMware
Authorization Daemon (vmware-authd). This daemon multiplexes port 902
data to the appropriate recipient for processing. VMware does not support
configuring a different port for this connection
Connecting Directly with the vSphere Client
With the vSphere Client, you can connect directly to an ESXi host.
Port 902
The vSphere Client uses this port to provide a connection for guest operating
system MKS activities on virtual machines. It is through this port that users
interact with the guest operating systems and applications of the virtual
machine. VM
Best Answer
Connect to the VMware vCenter Server Appliance over SSH
Open the shell
To view the certificate store
To view details of a certificate in the store