Remove stale LDAP certificate in vCenter

Article ID: 395671

Updated On:

Products

VMware vCenter Server

Issue/Introduction

  • Alarm in vCenter: Identity Source LDAP Certificate is about to expire
  • The Triggered Alarms view in vCenter shows the following alarm:
    Renew Identity Source LDAP Certificate: Identity source example.com in tenant vsphere.local has a LDAP certificate with subject that expires in 90 days
  • The identity source is configured for LDAP (ldap://), not LDAPS (ldaps://), yet an LDAP certificate is still stored for it in vCenter

Cause

The identity source in vCenter is configured for LDAP (ldap://). A certificate is not required for a plain LDAP connection, but one was uploaded anyway. vCenter does not use the certificate for the connection, but it still monitors its expiry and raises the alarm when it approaches.

Resolution

  1. Take a snapshot of the vCenter Server (a powered-off snapshot of all vCenter Servers if they are in Enhanced Linked Mode (ELM)).
  2. Check the expiration date of the LDAPS SSL certificate and confirm that the identity source URL is ldap:// and not ldaps://. Refer to Checking the Expiration Date of an LDAPS SSL Certificate.

    Sample output
    vcenter [ ~ ]# /opt/vmware/bin/sso-config.sh -get_identity_sources
    
    Total number of identitysources retrieved for tenant:vsphere.local : 3
    (If the value is undefined against a param, then you might notice "UndefinedConfig" against it.)
    
    ********** IDENTITY SOURCE INFORMATION **********
    IdentitySourceName        :  vsphere.local
    DomainType                :  SYSTEM_DOMAIN
    
    ********** IDENTITY SOURCE INFORMATION **********
    IdentitySourceName        :  localos
    DomainType                :  LOCAL_OS_DOMAIN
    
    ********** IDENTITY SOURCE INFORMATION **********
    IdentitySourceName        :  example.com
    DomainType                :  EXTERNAL_DOMAIN
    Identity Settings:
      alias                   :  example
      authenticationType      :  PASSWORD
      userBaseDN              :  DC=example,DC=com
      groupBaseDN             :  DC=example,DC=com
      username                :  example\s-vcenter-ldap
      providerType            :  IDENTITY_STORE_TYPE_LDAP_WITH_AD_MAPPING
      servicePrincipalName    :  placeholder
      useMachineAccount       :  false
      FriendlyName            :  example.com
      SearchTimeoutInSeconds  :  0
    Connection Settings:
    URLs:
        0:  ldap://dc.example.com
    Certificates:
        0:    subject:
               issuer:  CN=TEST-CERT01-com, DC=example, DC=com
            NotBefore:  Thu Jul 06 11:00:20 CDT 2023
             NotAfter:  Sun Jul 06 11:10:20 CDT 2025
               Serial:  1404##############388
    Attributes:
      http://schemas.xmlsoap.org/claims/UPN                           :  userPrincipalName
      http://rsa.com/schemas/attr-names/2009/01/GroupIdentity         :  memberof
      http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname :  givenName
      http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname   :  sn
      http://vmware.com/schemas/attr-names/2011/07/isSolution         :  subjectType
    Flags::
      Flags=0; [Default: recursively computing nested groups, no site affinity is enabled for AD over Ldap identity providers.]
  3. Use vCert, option 3 (Manage certificates) and then option 10 (LDAPS Identity Source certificates), to delete the certificate. Only delete a certificate that belongs to an identity source whose URLs are all ldap://; a certificate attached to an ldaps:// identity source is in use and deleting it will break authentication for that source. Refer to vCert - Scripted vCenter Expired Certificate Replacement.
  4. Reset the alarm (Identity Source LDAP Certificate is about to expire) to green in the vCenter UI.
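The check behind steps 2 and 3, as an added example that is not part of this KB article or of vCert: a script that parses the output of `/opt/vmware/bin/sso-config.sh -get_identity_sources` and reports, for every identity source that carries a certificate, whether that certificate is unused (all URLs are ldap://) or in use (at least one URL is ldaps://). The embedded sample output is constructed for offline use; the corp.example.net identity source is hypothetical and exists only to show the in-use case.

```shell
#!/bin/bash
# Added example (not from the KB article): decide which identity-source
# certificates are safe to delete before running vCert.
#
# It parses the text that /opt/vmware/bin/sso-config.sh -get_identity_sources
# prints and reports every identity source that carries a certificate:
#   STALE   - all of the source's URLs are ldap://, so the certificate is
#             never used for the connection and only feeds the expiry alarm
#   IN_USE  - at least one URL is ldaps://; keep (or renew) that certificate
#
# The sample below is constructed for offline use; corp.example.net is a
# hypothetical source included only to show the IN_USE case.
SAMPLE_OUTPUT='Total number of identitysources retrieved for tenant:vsphere.local : 3

********** IDENTITY SOURCE INFORMATION **********
IdentitySourceName        :  vsphere.local
DomainType                :  SYSTEM_DOMAIN

********** IDENTITY SOURCE INFORMATION **********
IdentitySourceName        :  example.com
DomainType                :  EXTERNAL_DOMAIN
Connection Settings:
URLs:
    0:  ldap://dc.example.com
Certificates:
    0:    subject:
           issuer:  CN=TEST-CERT01-com, DC=example, DC=com
        NotBefore:  Thu Jul 06 11:00:20 CDT 2023
         NotAfter:  Sun Jul 06 11:10:20 CDT 2025

********** IDENTITY SOURCE INFORMATION **********
IdentitySourceName        :  corp.example.net
DomainType                :  EXTERNAL_DOMAIN
Connection Settings:
URLs:
    0:  ldaps://dc1.corp.example.net
    1:  ldaps://dc2.corp.example.net
Certificates:
    0:    subject:  CN=dc1.corp.example.net
           issuer:  CN=CORP-CA, DC=corp, DC=example, DC=net
        NotBefore:  Mon Jan 01 00:00:00 UTC 2024
         NotAfter:  Wed Dec 31 23:59:59 UTC 2025'

# Reads sso-config output on stdin; prints "<name> <STALE|IN_USE> <cert count>"
# for each identity source that has at least one certificate.
classify_identity_sources() {
  awk '
    function flush() {
      if (name != "" && certs > 0) {
        print name, (ldaps > 0 ? "IN_USE" : "STALE"), certs
      }
      name = ""; ldaps = 0; certs = 0
    }
    # Each identity source starts with a banner line; report the previous one.
    /^\*+ IDENTITY SOURCE INFORMATION/ { flush(); next }
    /^[[:space:]]*IdentitySourceName[[:space:]]*:/ {
      sub(/^[^:]*:[[:space:]]*/, ""); name = $0; next
    }
    # URL entries look like "    0:  ldaps://host"; certificate entries start
    # with "    0:    subject:".
    /^[[:space:]]*[0-9]+:[[:space:]]+ldaps:\/\// { ldaps++; next }
    /^[[:space:]]*[0-9]+:[[:space:]]+subject:/   { certs++; next }
    END { flush() }
  '
}

# Exit status 0 when at least one unused (STALE) certificate is present.
has_stale_ldap_cert() {
  classify_identity_sources | grep -q ' STALE '
}

if [ "${1:-}" = "--stdin" ]; then
  # Live use: /opt/vmware/bin/sso-config.sh -get_identity_sources | ./check.sh --stdin
  classify_identity_sources
else
  printf '%s\n' "$SAMPLE_OUTPUT" | classify_identity_sources
fi
```

Run without arguments it evaluates the embedded sample and prints `example.com STALE 1` and `corp.example.net IN_USE 1`; with `--stdin` it evaluates whatever is piped in. Only sources reported as STALE are candidates for vCert option 10, and the NotAfter value still has to be checked separately as in step 2.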