• NSX Alarms indicate certificates are expired or about to expire.
  
  
• The expiring certificates contain "CBM_MONITORING" in their name.

• VMware NSX-T Data Center
  
  
• VMware NSX

NSX Managers have many certificates for internal services, in NSX-T 3.2.x, Cluster Boot Manager (CBM) service certificates were incorrectly given a validity period of 825 days instead of 100 years.
This was corrected to 100 years in NSX-T 3.2.3 and NSX 4.1.0.
However, any environment previously running NSX-T 3.2.x (below 3.2.3) will have internal CBM_MONITORING certificates expiring after 825 regardless of upgrade to the fixed version or not.
While there is no immediate functional impact when an internal CBM certificate expires, alarms will trigger and prechecks will block an upgrade.

• In NSX 4.2.1.X and later, the CBM_MONITORING certificate is no longer used. It is safe to remove the certificate.
  This is a condition that may occur in a VMware NSX environment.
  
  
• If you believe you have encountered this issue, open a support case with Broadcom Support and refer to this KB article.
  For more information, see  Creating and managing Broadcom support cases