on vCenter server KMS certificate is about to expire for FORTANIX

Article ID: 386081

Products

VMware vCenter Server 6.0
VMware vCenter Server 7.0
VMware vCenter Server 8.0

Issue/Introduction

vCenter Server reports that the KMS certificate has expired or is about to expire.

Environment

VMware vCenter Server 6.x
VMware vCenter Server 7.x
VMware vCenter Server 8.x

Resolution

  • Create a snapshot of the vCenter Server (take offline snapshots of all vCenter Servers in ELM).
  • Get the KMS server UUID from Fortanix DSM (the Fortanix portal) or from the previous certificate in the VECS store (the old KMS certificate).
  • Create a certificate in vCenter (using openssl on the vCenter Server).

Run the following commands on the vCenter Server (edit the attributes to match your environment):

    export FORTANIX_APP_UUID=########

    openssl req -newkey rsa:2048 -nodes -keyout private.key -x509 \
      -days 365 -out certificate.crt -subj \
      "/C=US/ST=California/L=Mountain View/O=Fortanix, Inc./OU=SE/CN=$FORTANIX_APP_UUID"

  • Share the file certificate.crt with Fortanix so that they can trust the certificate.
  • Once Fortanix has trusted the certificate, update the certificate in vCenter under KMS, following the document on updating the KMS configuration.