CA-signed SSL certificates expire after a predefined lifespan. Knowing when a certificate expires lets you replace or renew the certificate before the expiration date.


  1. Log in to the vSphere Web Client as administrator@vsphere.local or as another user with vCenter Single Sign-On administrator privileges.

    Users with vCenter Single Sign-On administrator privileges are in the CAAdmins group.

  2. Browse to Administration > Single Sign-On > Configuration.
  3. Click the Certificates tab, and then the Identity Sources TrustStore subtab .
  4. Find the certificate and verify the expiration date in the Valid To text box.

    You might see a warning at the top of the tab which indicates that a certificate is about to expire.

What to do next

Renew or replace SSL certificates that are getting close to their expiration date.