In 3.1, NSX-T Data Center generates alarms when a certificate is nearing its expiry or if a certificate has already expired. Starting in NSX-T Data Center 3.2, service certificates generate an alarm only if expiring or expired and in use by a component. Non-service certificates always generate an alarm, whether in use or not.
- Medium severity alarm starting 30 day before certificate expiry.
- High severity alarm starting 7 days prior to expiry.
- Critical severity alarm every day after certificate expires.
Certificate Expiry alarms contains details on certificate ID, severity, node, first/last report time, and recommended action.
As a remedial, you must replace the expiring External Platform certificate with a new valid certificate and delete expiring certificate.