In Aria Operations 8.x, a banner or adapter status indicates a certificate has expired for an NSX-T integration. However, the NSX-T Manager shows all certificates as valid.

• Symptom: A banner in Aria Operations shows:  Your certificate is expired. Please check the expiry date to take an action.

• Symptom: An expired NSX certificate is visible under Administration > Control Panel > Trusted Certificates.

• VMware Aria Operations 8.x

• VMware NSX-T / NSX 4.x

The issue is caused by a stale or cached certificate thumbprint in the Aria Operations Trusted Certificates repository. Aria Operations continues to track the expiration date of the old certificate because it remains in the trust store after the endpoint was update.

1. Snapshot: Take a snapshot of the Aria Operations cluster/nodes before proceeding.

2. Remove Stale Certificate:

   • Navigate to Administration > Control Panel > Trusted Certificates.

   • Locate the entry with the expired date and the CN matching your NSX-T Manager.

   • Select the certificate and click Delete.

3. Re-Validate Integration:

   • Navigate to Administration > Integrations > Accounts.

   • Select the NSX-T integration and click Edit.

   • Click Validate Connection.

   • Accept the new certificate prompt.

   • Click Save.

4. Cleanup: Test and validate that data collection is "OK" before deleting the cluster snapshots to avoid future performance impacts.

If the certificate cannot be deleted via the UI, it may be necessary to remove it directly from the internal database (Postgres/Cassandra). Refer to Broadcom KB 340657 for database-level remediation.