If you select an LDAP identity source, and you decide to use LDAPS, you can upload an SSL certificate for the LDAP traffic. SSL certificates expire after a predefined lifespan. Knowing when a certificate expires lets you replace or renew the certificate before the expiration date.

You see certificate expiration information only if you use an Active Directory LDAP Server or OpenLDAP Server and specify an ldaps:// URL for the server. The Identity Sources TrustStore tab remains empty for other types of identity sources or for ldap:// traffic.

Procedure

  1. From a Web browser, connect to the vSphere Web Client or the Platform Services Controller.
    | Option | Description |
    |---|---|
    | vSphere Web Client | https://vc_hostname_or_IP/vsphere-client |
    | Platform Services Controller | https://psc_hostname_or_IP/psc |

    In an embedded deployment, the Platform Services Controller host name or IP address is the same as the vCenter Server host name or IP address.

  2. Specify the user name and password for administrator@vsphere.local or another member of the vCenter Single Sign-On Administrators group.
    If you specified a different domain during installation, log in as administrator@mydomain.
  3. Navigate to the vCenter Single Sign-On configuration UI.
    | Option | Description |
    |---|---|
    | vSphere Web Client | 1. From the Home menu, select Administration. 2. Under Single Sign-On, click Configuration. |
    | Platform Services Controller | Click Single Sign-On and click Configuration. |
  4. Click the Certificates tab, and click Identity Sources TrustStore.
  5. Find the certificate and verify the expiration date in the Valid To text box.
    You might see a warning at the top of the tab which indicates that a certificate is about to expire.
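
The same expiration check can be run outside the UI against the certificate the LDAPS server presents. The script below is an added example, not VMware code: it assumes the `openssl` command-line tool is installed, that LDAPS listens on port 636 unless you pass another port, and a 30-day warning window; the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not VMware code): classify an LDAPS certificate by time left.
# Assumptions: openssl CLI available, LDAPS on 636, 30-day default warning window.

# fetch_ldaps_cert HOST [PORT] -> PEM of the certificate the server presents
fetch_ldaps_cert() {
    openssl s_client -connect "$1:${2:-636}" -servername "$1" </dev/null 2>/dev/null |
        openssl x509 -outform PEM
}

# cert_expiry_status PEM_FILE [WARN_DAYS]
# Prints one of: OK, EXPIRING, EXPIRED, UNREADABLE
cert_expiry_status() {
    pem=$1
    warn_days=${2:-30}
    if ! openssl x509 -in "$pem" -noout >/dev/null 2>&1; then
        # Not a parseable certificate (empty fetch, wrong file, truncated PEM)
        echo UNREADABLE
    # -checkend N exits 0 only if the certificate is still valid N seconds from now
    elif ! openssl x509 -in "$pem" -noout -checkend 0 >/dev/null 2>&1; then
        echo EXPIRED
    elif ! openssl x509 -in "$pem" -noout \
            -checkend $((warn_days * 86400)) >/dev/null 2>&1; then
        echo EXPIRING
    else
        echo OK
    fi
}

# Usage: sh ldaps_cert_check.sh ldap.example.test [port]   (host is a placeholder)
if [ "$#" -gt 0 ]; then
    tmp=$(mktemp)
    fetch_ldaps_cert "$@" >"$tmp"
    # Show the subject and the notAfter date, the value the Valid To box reports
    openssl x509 -in "$tmp" -noout -subject -enddate
    cert_expiry_status "$tmp"
    rm -f "$tmp"
fi
```

Run on a schedule, the printed status gives an alert before the date shown in Valid To is reached.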