• Navigating to the Certificate Management in the vCenter UI shows the error:
  "Error occurred while fetching trusted root certificates: Unable to proceed due to certificate exception: malformed PEM data encountered"
• The vCenter services may/may not be impacted. But adding additional Trusted Roots or listing the current Trusted Roots are not possible.
• You don't see any expired certificates within the TRUSTED_ROOTS running the command: 
  /usr/lib/vmware-vmafd/bin/vecs-cli entry list --store TRUSTED_ROOTS --text | grep "Alias\|Not After\|Subject:\|Issuer:"
• Note: All the above conditions should be met to be applicable for this issue.

vCenter 8.x

This can be due to the following reason(s):

• Missing or incorrect -----BEGIN or -----END boundary markers (e.g., -----BEGIN CERTIFICATE-----, -----END RSA PRIVATE KEY-----).
• Corrupted or Incomplate pem file that the Trusted Root(s) were previously registered with
• They have the CA bit set to "FALSE"
• The malformed PEM data could either be residing in VECS or VMDIR stores.

• Confirm that no TRUSTED_ROOT certificates had expired, had CA:FALSE and able to be listed correctly with and replace as needed: https://knowledge.broadcom.com/external/article/324590/vcenter-upgrade-to-70-fails-with-error-e.html
• If those conditions are ruled out, download the vCert script from the below KB and contact Broadcom Support to resolve the issue.
  https://knowledge.broadcom.com/external/article/385107/vcert-expired-certificate-replacement-s.html