• When running certificate health checks or the vCert script on a vCenter Server Appliance (VCSA), you may receive alerts regarding certificates that are nearing expiration. These certificates are specifically located in the BACKUP_STORE within the VMware Endpoint Certificate Store (VECS).
  
  

VMware vCenter Server

This occurs because the backup certificates are the vCenter are nearing their expiration date.

There is no impact in having these backup certificates nearing expiry or expired.

To resolve the issue you can follow either of the below approach:

• Wait till the backup certificates reach their expiry date and then remove them via vCert script following the KB - vCert - Scripted vCenter expired certificate replacement
• Open a case with Broadcom Support Team if you want to remove the backup certificates while they are yet to expire and Broadcom Support Team will validate if there are valid existing certificates in place and if these backups are safe to remove.

Note: Please make sure you have snapshot of vCenter server and have followed Snapshot Best practices for vCenter Server Virtual Machines before performing any changes.