Performing those steps with the CA chain from Thawte didn't make a difference in this particular issue. The Root CA was already installed on the service, connector, and data vm's. I did install the intermediate CA as well.
Out of curiosity, could the wizardssl.hzn script be modified to install our Thawte certificate instead of a self-signed one? I'm not linux guru, but it seems that it's calling up a secondary script at /usr/local/horizon/scripts/installSslCert.hzn. Could the mismatch between the fact that currently the self signed cert is installed (since I've not been able to get past this step to 2h) on the vm's but the third part cert is installed on the load balancer have anything to do with this?