Old or unused certificates are stored in a trust store in SDDC Manager. You can delete old certificates directly on the SDDC Manager appliance.

Procedure

  1. Log in to SDDC Manager by using a Secure Shell (SSH) client.

    Setting      Value
    User name    vcf
    Password     vcf_password

  2. Enter su to switch to the root user.
  3. Using the sddcmanager-ssl-util.sh script, retrieve a list of the names of the certificates in the trust store.
    /opt/vmware/vcf/operationsmanager/scripts/cli/sddcmanager-ssl-util.sh -list | grep 'Alias name'
  4. Using the name of the certificate, delete the old or unused certificate.
    /opt/vmware/vcf/operationsmanager/scripts/cli/sddcmanager-ssl-util.sh -delete <certificate alias name from list>
  5. (Optional) Clean out root certificates in VMware Endpoint Certificate Store from the Platform Services Controller node.
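
Before running the delete in step 4, it helps to confirm which aliases from step 3 have actually expired. The following is an added example, not part of the original procedure or of VMware's tooling. It assumes the -list output follows the Java keytool verbose layout ("Alias name:" followed by a "Valid from: ... until: ..." line); the function name, the sample aliases and the sample dates are constructed for illustration.

```shell
# expired_aliases NOW_KEY < listing
# Prints the alias of every entry whose "until:" date is earlier than NOW_KEY.
# NOW_KEY is a timestamp in the form YYYYMMDDHHMMSS.
# Assumption: the listing uses keytool -v style lines. The time zone field is
# ignored, so check entries that expire within a day of "now" by hand.
expired_aliases() {
  awk -v now="$1" '
    BEGIN {
      n = split("Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec", m, " ")
      for (i = 1; i <= n; i++) mon[m[i]] = sprintf("%02d", i)
    }
    /^Alias name:/ { sub(/^Alias name:[ \t]*/, ""); alias = $0; next }
    /^Valid from:/ && alias != "" {
      # Keep only the text after "until:", e.g. "Wed Jan 01 00:00:00 UTC 2020"
      sub(/.*until:[ \t]*/, "")
      split($0, f, " ")
      t = f[4]; gsub(/:/, "", t)
      key = f[6] mon[f[2]] sprintf("%02d", f[3]) t
      if (key < now) print alias
      alias = ""   # only the first validity line after an alias is used
    }
  '
}

# Constructed sample listing (not real appliance output), for offline testing.
sample_listing() {
  cat <<'EOF'
Alias name: old-vcenter-example
Owner: CN=old-vcenter.example.test
Valid from: Mon Jan 01 00:00:00 UTC 2018 until: Wed Jan 01 00:00:00 UTC 2020
Alias name: current-nsx-example
Owner: CN=nsx.example.test
Valid from: Mon Jan 01 00:00:00 UTC 2024 until: Mon Jan 01 00:00:00 UTC 2035
EOF
}

# On the appliance, as root (script path taken from step 3):
#   /opt/vmware/vcf/operationsmanager/scripts/cli/sddcmanager-ssl-util.sh -list \
#     | expired_aliases "$(date -u +%Y%m%d%H%M%S)"
```

The function only reports aliases; review its output and pass each alias to the -delete command from step 4 yourself.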