After launching the vCert or Fixcertsscripts to perform a broad certificate replacement, the SMS (Storage Monitoring Service) certificate is not automatically regenerated or updated.

The certificate retains its old expiration date, and related alarms (e.g., "SMS certificate in VECS has expired") may persist in the vSphere Client.

vCenter Server 8.x

Automated "replace all" or "replace expired" workflows within the scripts may skip the SMS store if there are local store inconsistencies or if the service-specific replacement logic fails to trigger automatically.

To resolve this issue, the SMS certificate must be targeted individually for regeneration using the vCert utility's management menu.

Prerequisites:

Take an offline snapshot of the vCenter Server. If in Enhanced Linked Mode (ELM), take cold snapshots of all nodes in the domain.

Manual Regeneration Steps:

1. Connect to the vCenter Server via SSH as the root user.
2. Launch the vCert script:

   ./vCert.py

3. Select Option 3 (Manage certificates).
4. Select Option 5 (SMS certificates).
5. Select Option 1 (Replace SMS self-signed certificate).
6. Once the script confirms the replacement is complete, restart the Profile-Driven Storage service to initialize the new certificate:

   service-control --restart vmware-sps

Related Articles:

• vCert - Scripted vCenter expired certificate replacement
• "SMS certificate in VECS has expired" observed on vCenter UI
• vCenter Snapshots Best Practices
  
  
• Replace certificates on vCenter server using the Fixcerts script