This is an information article about revoked certs on Esx host. 

• After a security scan on Esx host, the security tool reports host has revoked or expired certs in /etc/vmware/ssl
• The security tool recommends to "Replace expired and revoked certificates with Certificates from a trusted CA"

VCF 9.0

Esx 9.0

By default Esxi doesn't store any revoked certs. Security tool alerts this if the host certificates are expired.

To fix this follow one of below steps. 

• Verify if host has valid certs on the browser UI
• We can also verify the certs on cli using openssl command: openssl x509 -in <cert_file_name> -noout -text
• If required regenerate host certs following kb: "ESXi Host Certificate Status" alert for any host in vCenter Server