Our vCenter server 6.7 is giving us a certificate status alarm. The only information given with the alarm is the "Default alarm that monitors whether a certificate is getting close to its expiration date." Checking the installed certs using the vSphere UI and also from the cli, none are expired nor are any about to expire. We do have a custom Machine SSL cert with an intermediate and root certificate from our CA installed. In the trusted root keystore are the root and the intermediate certs from our CA and also the cert from VMCA from the initial install. All the other Solution certs are the VMCA provided ones.
Everything seems to work fine and our Horizon connection servers that connect to the vCenter server do not show any problems with the cert.
Do you have any linked vCenters to this one? If you're sure that the Certificate Management portion of the H5 client shows none about to expire, check your vCenter Solutions. You may have a VASA provider (do you use VVols anywhere?) that's presenting a cert which is about to expire. This is pretty common. Barring that, look at logs on the vCSA and see if you can trace it. If all else fails, open a support request