Certificate Status vCenter Alarm


Just a quick post to give details on how to fixed the Certificate Status alarm in vCenter.

Error Certificate Status in vCenter.

This was the VMware article used in the end:


Started off by running this command:

for store in $(/usr/lib/vmware-vmafd/bin/vecs-cli store list | grep -v TRUSTED_ROOT_CRLS); do echo "[*] Store :" $store; /usr/lib/vmware-vmafd/bin/vecs-cli entry list --store $store --text | grep -ie "Alias" -ie "Not After";done;
vecs-cli store list

One of the commands above will give you a clue what certificate has expired, then list details of the store that it’s in (You need the Alias):

vecs-cli entry list --store <NameOfStore>

When i’d found an expired certificate, used the command below to remove it:

vecs-cli entry delete --store <NameOfStore> --alias <Alias>

It was simple in the end, however always make sure you have a vCenter snapshot first.

Leave a Reply

Your email address will not be published. Required fields are marked *