After renewing the vCenter Machine SSL certificates using the vCerts script, the certificates show a validity of less than one year

Article ID: 427555

Products

VMware vCenter Server

Issue/Introduction

After renewing vCenter Server certificates using the vCerts script and selecting Option 6 (Reset all certificates with VMCA-signed certificates), the newly generated certificates display a validity period of less than one year.

The VMCA trusted root certificate also shows a validity of less than one year.

Environment

  • VMware vCenter Server 8.x

Cause

The VMCA root certificate itself has a validity period of less than one year.

Since VMCA acts as the certificate authority, any certificates issued or renewed by VMCA inherit the same expiration date as the VMCA root certificate. As a result, all newly generated vCenter certificates also show a validity of less than one year.
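One way to confirm this cause before renewing anything, as an added example that is not part of the original article or of the vCerts script: the script below takes two PEM files, assumed to be exported copies of the VMCA root certificate and of a renewed certificate, and reports whether the root itself is the short-lived one. The function names, output labels and the throwaway sample certificates are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the article: decide whether a short-lived renewed
# certificate is explained by a short-lived issuing root.
ONE_YEAR=$((365 * 24 * 3600))

# Returns 0 when the certificate's notAfter is less than one year away.
expires_within_year() {
    ! openssl x509 -in "$1" -noout -checkend "$ONE_YEAR" >/dev/null 2>&1
}

# classify ROOT_PEM LEAF_PEM
# prints: root-short | leaf-short | ok | not-issued-by-root | error
classify() {
    for f in "$1" "$2"; do
        openssl x509 -in "$f" -noout 2>/dev/null || { echo error; return 2; }
    done
    # The comparison only means something if the leaf chains to this root
    # (an already expired certificate fails this check as well).
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1 ||
        { echo not-issued-by-root; return 2; }
    if expires_within_year "$1"; then
        echo root-short   # the case in this article: renew the root first
    elif expires_within_year "$2"; then
        echo leaf-short   # root is fine; only the leaf was issued short
    else
        echo ok
    fi
}

# Constructed sample data: a throwaway root and a leaf it signs.
# make_sample DIR ROOT_DAYS LEAF_DAYS
make_sample() {
    openssl req -x509 -newkey rsa:2048 -nodes -subj "/CN=Constructed Root" \
        -days "$2" -keyout "$1/root.key" -out "$1/root.pem" 2>/dev/null &&
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=constructed-leaf" \
        -keyout "$1/leaf.key" -out "$1/leaf.csr" 2>/dev/null &&
    openssl x509 -req -in "$1/leaf.csr" -CA "$1/root.pem" -CAkey "$1/root.key" \
        -CAcreateserial -days "$3" -out "$1/leaf.pem" 2>/dev/null
}

# With two file arguments, show both expiry dates and the verdict.
if [ "$#" -eq 2 ]; then
    for f in "$1" "$2"; do openssl x509 -in "$f" -noout -subject -enddate; done
    classify "$1" "$2"
fi
```

A `root-short` verdict matches the cause described here; `leaf-short` means the root has more than a year left and the short validity comes from somewhere else.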

Resolution

To resolve this issue, the VMCA root certificate must be renewed, followed by regenerating all vCenter Server certificates.

Steps to Resolve:

  • Log in to the vCenter Server Appliance (VCSA).
  • Launch the vCerts utility.
  • Select Option 3: Manage Certificates.
  • Select Option 9: VMCA Certificate.
  • Select Option 2: Replace VMCA certificate with a self-signed certificate and regenerate all certificates.

Additional Information

After renewing certificates using the vCerts script, the VMCA root certificate may show a “Valid From” date that is backdated (n-2 days from the current date).
This behavior is expected and by design when renewing certificates using the vCerts utility and does not indicate an issue with the certificate renewal process.