• When running vCert certificate management tool, an expired vmdir certificate is flagged.
• However, no expired certificates are listed from any known certificate stores when running the CMD below.
  for i in $(/usr/lib/vmware-vmafd/bin/vecs-cli store list); do echo STORE $i; sudo /usr/lib/vmware-vmafd/bin/vecs-cli entry list --store $i --text | egrep "Alias|Not After"; done 

• VMware vCenter Server 7.x

This is due to the presence of a VMDIR certificate which is not used in vCenter 7 and later.
While this has no functional impact to the vCenter operation, the certificate will be flagged in vCert tool.

As the certificate is not in use in vCenter 7.x and later, it is safe to remove it manually.

1) Establish an SSH connection to the vCenter Server Appliance.

2) Remove the certificate and its key file

     rm /usr/lib/vmware-vmdir/share/config/vmdirkey.pem

     rm /usr/lib/vmware-vmdir/share/config/vmdircert.pem