Before you start with certificate replacement, you can check whether the certificates you have are already being used. You can use the Compute Usage feature to determine whether or not the system is using a certificate.


  1. Log in to the vSphere Web Client as administrator@vsphere.local or as another user with vCenter Single Sign-On administrator privileges.
    Users with vCenter Single Sign-On administrator privileges are in the CAAdmins group.
  2. Browse to Administration > Single Sign-On > Configuration.
  3. Click the Certificates tab, and then the Identity Sources TrustStore subtab.
  4. Click Compute Usage.

    For each certificate in the list, the vSphere Web Client communicates with each registered LDAPS identity source to determine whether a valid connection exists.

  5. The Used By Domain column shows whether a certificate is in use, and helps you determine whether you can safely remove a certificate.