vCenter Server Appliance:In a console window or SSH session to the vCenter Server virtual machine, run the following command:
for store in $(/usr/lib/vmware-vmafd/bin/vecs-cli store list | grep -v TRUSTED_ROOT_CRLS); do echo "[*] Store :" $store; /usr/lib/vmware-vmafd/bin/vecs-cli entry list --store $store --text | grep -ie "Alias" -ie "Not After";done;
vCenter Windows: Run the following command usinf POwerShell from the vCenter Server virtual machine console, RDP session or physical device using
$VCInstallHome = [System.Environment]::ExpandEnvironmentVariables("%VMWARE_CIS_HOME%");foreach ($STORE in &"$VCInstallHome\vmafdd\vecs-cli" store list){Write-host STORE: $STORE;&"$VCInstallHome\vmafdd\vecs-cli" entry list --store $STORE --text | findstr /C:"Alias" /C:"Not After"}
Check the list to see if any of the certificates have expired.
vSphere Web Client: See below for instructions on how to view the certificate from:
Before changing the certificate, ensure that you have taken a proper snapshot of your SSO domain. This means that all vCenter Servers or PSCs in the SSO domain must be shut down at the same time, taken a snapshot, and powered on again. If you need to revert to one of these snapshots, shut down all nodes and revert all nodes to the snapshot. Failure to perform these steps will result in replication issues across the PSC database.