Just a quick post to give details on how we fixed this alarm in vCenter.
This was the VMware article used in the end:
Started off by running this command:
for store in $(/usr/lib/vmware-vmafd/bin/vecs-cli store list | grep -v TRUSTED_ROOT_CRLS); do echo "[*] Store :" $store; /usr/lib/vmware-vmafd/bin/vecs-cli entry list --store $store --text | grep -ie "Alias" -ie "Not After";done;
vecs-cli store list
One of the commands above will give you a clue what certificate has expired, then list details of the store that it’s in (You need the Alias):
vecs-cli entry list --store <NameOfStore>
When i’d found an expired certificate, used the command below to remove it:
vecs-cli entry delete --store <NameOfStore> --alias <Alias>
It was simple in the end, however always make sure you have a vCenter snapshot first.