You can view the certificates known to the vCenter Certificate Authority (VMCA) to see whether active certificates are about to expire, to check on expired certificates, and to see the status of the root certificate. You perform all certificate management tasks using the certificate management CLIs.

You view certificates associated with the VMCA instance that is included with your embedded deployment or with the Platform Services Controller. Certificate information is replicated across instances of VMware Directory Service (vmdir).

When you attempt to view certificates in the vSphere Web Client, you are prompted for a user name and password. Specify the user name and password of a user with privileges for VMware Certificate Authority, that is, a user in the CAAdmins vCenter Single Sign-On group.


  1. Log in with the vSphere Web Client to vCenter Server as administrator@vsphere.local or another user of the CAAdmins vCenter Single Sign-On group.
  2. From the Home menu, select Administration.
  3. Click Deployment > System Configuration.
  4. Click Nodes, and select a host under the Nodes list.
  5. Click the Manage tab, and click Certificate Authority.
  6. Click the certificate type for which you want to view certificate information.
    Option Description
    Active Certificates Displays active certificates, including their validation information. The green Valid To icon changes when certificate expiration is approaching.
    Revoked Certificates Displays the list of revoked certificates. Not supported in this release.
    Expired Certificates Lists expired certificates.
    Root Certificates Displays the root certificates available to this instance of vCenter Certificate Authority.
  7. Select a certificate and click the Show Certificate Details button to view certificate details.
    Details include the Subject Name, Issuer, Validity, and Algorithm.