You can delete unused or old certificates from the SDDC Manager command line using the following procedure:

1. Using SSH, log in to the SDDC Manager VM with the following credentials:

Username: vcf

Password: enter the password

2. Enter su to switch to the root user.

3. Change to the /opt/vmware/vcf/operationsmanager/scripts/cli directory.

cd /opt/vmware/vcf/operationsmanager/scripts/cli

4. From the /opt/vmware/vcf/operationsmanager/scripts/cli directory, use the following script and command to discover the names of the certificates in the trust store.

sddcmanager-ssl-util.sh -list

5. Using the name of the certificate, delete the old or unused certificate.

sddcmanager-ssl-util.sh -delete <certificate alias name from list>

6. (Optional) Clean out root certificates in the VMware Endpoint Certificate Store from the Platform Services Controller node.
