To un-publish expired/expiring certificates from TRUSTED_ROOTS VECS Store:
C:\Program Files\VMware\vCenter Server\vmafdd>vecs-cli.exe entry list --store TRUSTED_ROOTS --text | more
/usr/lib/vmware-vmafd/bin/vecs-cli entry list --store TRUSTED_ROOTS --text | less
Alias : 2b724e6dd26e38b369a020f279f3bfc3369e2e7f
X509v3 Subject Key Identifier:
ED:CF:46:E5:CA:A6:8A:75:04:C0:D4:7B:2B:45:2C:08:53:10:F9:18
C:\Program Files\VMware\vCenter Server\vmafdd>dir-cli trustedcert list
/usr/lib/vmware-vmafd/bin/dir-cli trustedcert list
This will output a list of certificates published to VMDIR.
C:\Program Files\VMware\vCenter Server\vmafdd>dir-cli.exe trustedcert list
Enter password for administrator@vsphere.local:
Number of certificates: 3
#1:
CN(id): EDCF46E5CAA68A7504C0D47B2B452C085310F918
Subject DN: CN=CA, DC=vsphere, DC=local, C=US, ST=California, O=psc1, OU=VMware
CRL present: yes
#2:
CN(id): 72B1C4C56A1A8A66B8C57182D551A29B78531ED0
Subject DN: CN=CA, DC=vsphere, DC=local, C=US, ST=California, O=psc2, OU=VMware
CRL present: yes
#3:
CN(id): 7AF0962806F5997107BF9A213E86DED4F853FF70
Subject DN: CN=CA, DC=vsphere, DC=local, C=US, ST=California, O=psc1, OU=VMware
CRL present: yes
EDCF46E5CAA68A7504C0D47B2B452C085310F918
C:\Program Files\VMware\vCenter Server\vmafdd>dir-cli trustedcert get --id EDCF46E5CAA68A7504C0D47B2B452C085310F918 --login administrator@vsphere.local --password <PASSWORD> --outcert C:\temp\oldcert.cer
/usr/lib/vmware-vmafd/bin/dir-cli trustedcert get --id EDCF46E5CAA68A7504C0D47B2B452C085310F918 --login administrator@vsphere.local --password <PASSWORD> --outcert /tmp/oldcert.cer
C:\Program Files\VMware\vCenter Server\vmafdd>dir-cli trustedcert unpublish --cert C:\temp\oldcert.cer
/usr/lib/vmware-vmafd/bin/dir-cli trustedcert unpublish --cert /tmp/oldcert.cer
C:\Program Files\VMware\vCenter Server\vmafdd>dir-cli trustedcert list
/usr/lib/vmware-vmafd/bin/dir-cli trustedcert list
C:\Program Files\VMware\vCenter Server\vmafdd>vecs-cli entry delete --store TRUSTED_ROOTS --alias 2b724e6dd26e38b369a020f279f3bfc3369e2e7f
/usr/lib/vmware-vmafd/bin/vecs-cli entry delete --store TRUSTED_ROOTS --alias 2b724e6dd26e38b369a020f279f3bfc3369e2e7f
C:\Program Files\VMware\vCenter Server\vmafdd>vecs-cli entry list --store TRUSTED_ROOTS --text | findstr Alias
/usr/lib/vmware-vmafd/bin/vecs-cli entry list --store TRUSTED_ROOTS --text | grep Alias
C:\Program Files\VMware\vCenter Server\vmafdd>vecs-cli force-refresh
/usr/lib/vmware-vmafd/bin/vecs-cli force-refresh
C:\Program Files\VMware\vCenter Server\vmafdd>vecs-cli entry list --store TRUSTED_ROOTS --text | findstr Alias
/usr/lib/vmware-vmafd/bin/vecs-cli entry list --store TRUSTED_ROOTS --text | grep Alias
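The CN(id) that dir-cli reports is the X509v3 Subject Key Identifier from the VECS listing with the colons removed (ED:CF:46:... above is EDCF46E5... in VMDIR). The script below is an added example, not part of the original article: it pairs each TRUSTED_ROOTS alias with its VMDIR CN(id), so the certificate that gets unpublished and the alias that gets deleted are the same one. The function names and the second VECS entry are made up for illustration.

```sh
#!/bin/sh
# Added example: pair VECS TRUSTED_ROOTS aliases with VMDIR CN(id) values.
# Sample listings are constructed: the first alias/key identifier and the three
# CN(id) values are the ones shown in the article, the second alias is made up.
sample_vecs() { cat <<'EOF'
Alias : 2b724e6dd26e38b369a020f279f3bfc3369e2e7f
            X509v3 Subject Key Identifier:
                ED:CF:46:E5:CA:A6:8A:75:04:C0:D4:7B:2B:45:2C:08:53:10:F9:18
Alias : 00112233445566778899aabbccddeeff00112233
            X509v3 Subject Key Identifier:
                AA:BB:CC:DD:EE:FF:00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD
EOF
}
sample_dir() { cat <<'EOF'
Number of certificates: 3
#1:
CN(id): EDCF46E5CAA68A7504C0D47B2B452C085310F918
CRL present: yes
#2:
CN(id): 72B1C4C56A1A8A66B8C57182D551A29B78531ED0
CRL present: yes
#3:
CN(id): 7AF0962806F5997107BF9A213E86DED4F853FF70
CRL present: yes
EOF
}

# stdin: `vecs-cli entry list --text` output; stdout: "<alias> <SKI without colons>"
vecs_alias_ski() {
  awk '/^Alias[ \t]*:/ { alias = $NF; next }
       /X509v3 Subject Key Identifier:/ { want = 1; next }
       want { gsub(/[: \t\r]/, ""); print alias, toupper($0); want = 0 }'
}

# stdin: `dir-cli trustedcert list` output; stdout: one CN(id) per line
vmdir_ids() { awk '/^CN\(id\):/ { print toupper($2) }'; }

# $1 = VECS listing text, $2 = VMDIR listing text.
# Prints "<alias> <id> published" or "<alias> <id> vecs-only" per VECS entry.
match_stores() {
  ids=$(printf '%s\n' "$2" | vmdir_ids)
  printf '%s\n' "$1" | vecs_alias_ski | while read -r alias ski; do
    if printf '%s\n' "$ids" | grep -qx "$ski"; then
      echo "$alias $ski published"
    else
      echo "$alias $ski vecs-only"
    fi
  done
}

match_stores "$(sample_vecs)" "$(sample_dir)"
```

To use it on a real system, save the output of the two list commands shown above to files and pass their contents as the two arguments in place of the samples.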
Note:
WARNING: