Old or unused certificates are stored in a trust store in SDDC Manager. You can delete old certificates through the SDDC Manager VM.

Procedure

  1. Using SSH, log in to the SDDC Manager VM with the following credentials:
    Username: vcf

    Password: use the password specified in the deployment parameter sheet

  2. Enter su to switch to the root user.
  3. Change to the /opt/vmware/vcf/operationsmanager/scripts/cli directory.
    cd /opt/vmware/vcf/operationsmanager/scripts/cli
  4. From the /opt/vmware/vcf/operationsmanager/scripts/cli directory, run the following command to list the names of the certificates in the trust store.
    sddcmanager-ssl-util.sh -list
  5. Using the name of the certificate, delete the old or unused certificate.
    sddcmanager-ssl-util.sh -delete <certificate alias name from list>
  6. (Optional) Clean out root certificates in VMware Endpoint Certificate Store from the Platform Services Controller node.
    See Explore Certificate Stores from the vSphere Client in the vSphere product documentation.
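
Steps 4 and 5 can be wrapped in a guarded shell function that saves the listing, deletes only an alias that is actually present, and confirms it is gone afterwards. This is an added example, not VMware tooling; the function name remove_trusted_cert, the SSL_UTIL variable, the snapshot file names, and the assumption that each alias appears verbatim in the -list output are all illustrative.

```shell
# Added example (not part of the product). Run as root on the SDDC Manager VM.
# SSL_UTIL is an assumed variable name; it defaults to the script from the
# procedure and can be overridden to point at a stub for testing.
SSL_UTIL="${SSL_UTIL:-/opt/vmware/vcf/operationsmanager/scripts/cli/sddcmanager-ssl-util.sh}"

# remove_trusted_cert ALIAS [SNAPSHOT_DIR]
# Return codes: 0 deleted and verified, 1 usage error, 2 alias not listed,
#               3 the utility itself failed, 4 alias still listed after delete.
remove_trusted_cert() {
    alias_name="$1"
    snap_dir="${2:-.}"
    if [ -z "$alias_name" ]; then
        echo "usage: remove_trusted_cert ALIAS [SNAPSHOT_DIR]" >&2
        return 1
    fi
    before="$snap_dir/truststore-before.txt"
    after="$snap_dir/truststore-after.txt"

    # Keep a copy of the listing so the change can be reviewed later.
    "$SSL_UTIL" -list > "$before" || return 3

    # Assumption: the alias appears as literal text in the -list output.
    # -F matches substrings, so pass the full alias exactly as listed.
    if ! grep -qF -- "$alias_name" "$before"; then
        echo "alias '$alias_name' is not in the trust store; nothing deleted" >&2
        return 2
    fi

    "$SSL_UTIL" -delete "$alias_name" || return 3

    # List again and confirm the alias is no longer present.
    "$SSL_UTIL" -list > "$after" || return 3
    if grep -qF -- "$alias_name" "$after"; then
        echo "alias '$alias_name' is still listed after delete" >&2
        return 4
    fi
    echo "removed '$alias_name'; listings saved in $snap_dir"
    return 0
}
```

Source the file, then call remove_trusted_cert with an alias copied from the -list output and a directory for the before and after listings.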