If you select an LDAP identity source, and you decide to use LDAPS, you can upload an SSL certificate for the LDAP traffic. SSL certificates expire after a predefined lifespan. Knowing when a certificate expires lets you replace or renew the certificate before the expiration date.

You see certificate expiration information only if you use an Active Directory LDAP Server or OpenLDAP Server and specify an ldaps:// URL for the server. The Identity Sources TrustStore tab remains empty for other types of identity sources or for ldap:// traffic.


  1. Log in with the vSphere Web Client to the vCenter Server connected to the Platform Services Controller.
  2. Specify the user name and password for administrator@vsphere.local or another member of the vCenter Single Sign-On Administrators group.
    If you specified a different domain during installation, log in as administrator@ mydomain.
  3. Navigate to the Configuration UI.
    1. From the Home menu, select Administration.
    2. Under Single Sign On, click Configuration.
  4. Click the Certificates tab.
  5. View a certificate's details and verify the expiration date in the Valid until field.
    You might see a warning at the top of the tab which indicates that a certificate is about to expire.