Old or unused certificates are stored in a trust store in SDDC Manager. You can delete old certificates directly on the SDDC Manager appliance.
- Log in to SDDC Manager by using a Secure Shell (SSH) client.
- Enter su to switch to the root user.
- Using the sddcmanager-ssl-util.sh script, retrieve a list of the names of the certificates in the trust store.
/opt/vmware/vcf/operationsmanager/scripts/cli/sddcmanager-ssl-util.sh -list | grep 'Alias name'
- Using the name of the certificate, delete the old or unused certificate.
/opt/vmware/vcf/operationsmanager/scripts/cli/sddcmanager-ssl-util.sh -delete <certificate alias name from list>
- (Optional) Clean out root certificates in VMware Endpoint Certificate Store from the Platform Services Controller node.
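
A guard for the list and delete steps above, added here as an example and not part of the VMware procedure or tooling: it deletes an alias only when it matches exactly one whole entry in the current listing, and defaults to a dry run. The helper names, the `DRY_RUN` variable and the sample aliases are hypothetical, and the parser assumes the listing contains lines of the form `Alias name: <alias>`, as the `grep` in the procedure implies.

```shell
#!/bin/sh
# Added example (not VMware's code): guard around the -list / -delete steps.
SSL_UTIL=${SSL_UTIL:-/opt/vmware/vcf/operationsmanager/scripts/cli/sddcmanager-ssl-util.sh}

# Constructed sample of -list output; only the "Alias name" label comes from
# the page, the aliases and the filler line are made up.
sample_listing() {
    printf '%s\n' 'Alias name: example-old-root' \
        '(other certificate fields)' \
        'Alias name: example-old-root-2  '
}

# Print one alias per line from -list output read on stdin.
list_aliases() {
    sed -n -e 's/[[:space:]]*$//' -e 's/^[[:space:]]*Alias name:[[:space:]]*//p'
}

# alias_present ALIAS: true only if ALIAS equals exactly one whole alias in
# the listing on stdin (no prefix or substring matches).
alias_present() {
    [ -n "$1" ] || return 1
    count=$(list_aliases | grep -Fxc -- "$1" || true)
    [ "$count" -eq 1 ]
}

# delete_alias ALIAS: re-list the trust store, verify, then delete.
# DRY_RUN defaults to 1 and only prints the command; set DRY_RUN=0 to delete.
delete_alias() {
    target=$1
    listing=$("$SSL_UTIL" -list) || { echo "listing failed" >&2; return 2; }
    if ! printf '%s\n' "$listing" | alias_present "$target"; then
        echo "alias '$target' is not exactly one trust store entry; nothing deleted" >&2
        return 1
    fi
    if [ "${DRY_RUN:-1}" = 1 ]; then
        echo "would run: $SSL_UTIL -delete $target"
    else
        echo "deleting alias '$target'" >&2
        "$SSL_UTIL" -delete "$target"
    fi
}

# Run as root on the SDDC Manager appliance: sh <this file> <alias>
if [ $# -gt 0 ]; then delete_alias "$1"; fi
```

Review the dry-run output first, then rerun with `DRY_RUN=0` to perform the deletion.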