Customers may have a system that uses vCenter alerts to automatically create helpdesk tickets. This alert has a 90-day threshold, meaning it begins alerting 90 days before the certificate expires. In some systems, the alert remaining active generates multiple helpdesk tickets for the same issue. The alert is hard-coded to 90 days and cannot be changed.
This particular alert is intended for secondary monitoring. The certificate status should be monitored from the AD/CA servers, not from vCenter. In environments where teams are siloed, the Virtualization team still has an interest in monitoring this certificate: if the AD team renews it without the Virtualization team knowing, or if it expires, any domain-based authentication attempts using LDAPS will fail.
vSphere 7.0
vSphere 8.0
There is little choice but to disable this alert in this scenario. Another product such as SolarWinds or Datadog is an option, as those tools allow you to configure an alerting threshold.
It is possible that a scripted solution could be used to monitor the certificate status and alert the appropriate people at the customer's defined threshold. The following command, run from the vCenter CLI, will produce the expiration date for the LDAP certificate.
/opt/vmware/bin/sso-config.sh -get_identity_sources
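One way to script the threshold check described above, as an added example that is not Broadcom's code. It assumes the LDAPS certificate has been saved to a PEM file; the file paths, the 30-day default and the state file are placeholders, and it prints a line only when the state changes so a scheduler does not open a ticket on every run.

```bash
#!/bin/bash
# Added example, not from the KB. Assumes the LDAPS certificate is available as
# a PEM file; the paths and the 30-day default below are placeholders.

# Print the certificate's notAfter date, e.g. "Jun  1 12:00:00 2030 GMT".
cert_not_after() {
    local line
    line=$(openssl x509 -in "$1" -noout -enddate) || return 1
    echo "${line#notAfter=}"
}

# Seconds from now (or from epoch $2) until date string $1; negative if past.
seconds_left() {
    local end now
    end=$(date -u -d "$1" +%s) || return 1
    now="${2:-$(date -u +%s)}"
    echo $(( end - now ))
}

# Map seconds remaining ($1) and a threshold in days ($2) to a state.
classify() {
    if [ "$1" -le 0 ]; then echo EXPIRED
    elif [ "$1" -le $(( $2 * 86400 )) ]; then echo WARNING
    else echo OK
    fi
}

# Check PEM $1 against $2 days. Prints one line only when the state differs
# from the one saved in $3, so a scheduled run raises one ticket per change
# instead of one per run. Returns 0 when OK, 1 otherwise, 3 on error.
check_cert() {
    local cert="$1" warn="$2" state_file="$3" end secs state prev=OK
    end=$(cert_not_after "$cert") || return 3
    secs=$(seconds_left "$end") || return 3
    state=$(classify "$secs" "$warn")
    if [ -f "$state_file" ]; then prev=$(cat "$state_file"); fi
    if [ "$state" != "$prev" ]; then
        echo "$state" > "$state_file"
        echo "$state: $cert notAfter=$end ($(( secs / 86400 )) days left, threshold $warn)"
    fi
    [ "$state" = OK ]
}

# Run only when a certificate path is given: check.sh CERT [DAYS] [STATE_FILE]
if [ $# -ge 1 ]; then
    check_cert "$1" "${2:-30}" "${3:-/var/tmp/ldaps-cert.state}"
fi
```

Run it from a scheduler and feed any output line to the mail or ticketing hook; the date parsing relies on GNU date.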
Renew expiring/expired LDAPS certificate for vCenter SSO Identity Provider
https://knowledge.broadcom.
Configuring a vCenter Single Sign-On Identity Source using LDAP with SSL (LDAPS)
https://knowledge.broadcom.