If you select an LDAP identity source, and you decide to use LDAPS, you can upload an SSL certificate for the LDAP traffic. SSL certificates expire after a predefined lifespan. Knowing when a certificate expires lets you replace or renew the certificate before the expiration date.

You see certificate expiration information only if you use an Active Directory LDAP Server or OpenLDAP Server and specify an ldaps:// URL for the server. The Identity Sources TrustStore tab remains empty for other types of identity sources or for ldap:// traffic.


  1. Log in with the vSphere Web Client to the vCenter Server connected to the Platform Services Controller.
  2. Specify the user name and password for administrator@vsphere.local or another member of the vCenter Single Sign-On Administrators group.
    If you specified a different domain during installation, log in as administrator@mydomain.
  3. Navigate to the Configuration UI.
    1. From the Home menu, select Administration.
    2. Under Single Sign On, click Configuration.
  4. Click the Identity Sources tab.
  5. In the upper part of the screen, select the identity source whose LDAPS certificate you want to view.
  6. In the bottom part of the screen, view the details of the certificate and verify the expiration date in the Valid until To field.
    You might see a warning at the top of the tab which indicates that a certificate is about to expire.
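
The same expiration date can also be read from the LDAPS server itself, outside the vSphere Web Client. The following script is an added example and is not part of the VMware documentation. The host name, the CA bundle path, and the 30-day renewal window are assumptions.

```python
import socket
import ssl
import sys
import time
from urllib.parse import urlsplit

WARN_DAYS = 30  # assumed renewal window, not a vCenter setting


def parse_ldaps_url(url):
    """Return (host, port); only ldaps:// URLs carry a certificate."""
    parts = urlsplit(url)
    if parts.scheme.lower() != "ldaps" or not parts.hostname:
        raise ValueError("expected an ldaps:// URL, got %r" % url)
    return parts.hostname, parts.port or 636


def days_remaining(not_after, now=None):
    """Whole days until notAfter; negative once the certificate has expired."""
    now = time.time() if now is None else now
    return int((ssl.cert_time_to_seconds(not_after) - now) // 86400)


def classify(days, warn_days=WARN_DAYS):
    if days < 0:
        return "EXPIRED"
    return "RENEW SOON" if days <= warn_days else "OK"


def fetch_not_after(url, ca_file, timeout=5):
    """Return the server certificate's notAfter string.

    The chain and host name are verified against ca_file (PEM), so an
    untrusted or expired certificate raises SSLCertVerificationError.
    """
    host, port = parse_ldaps_url(url)
    ctx = ssl.create_default_context(cafile=ca_file)
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()["notAfter"]


if __name__ == "__main__":
    # Usage (constructed values): check.py ldaps://dc1.example.com /path/ca.pem
    url, ca_file = sys.argv[1], sys.argv[2]
    try:
        days = days_remaining(fetch_not_after(url, ca_file))
    except ssl.SSLCertVerificationError as exc:
        sys.exit("certificate rejected: %s" % exc.verify_message)
    print("%s: %d days left, %s" % (url, days, classify(days)))
```

Pass the CA certificate that issued the LDAPS server certificate as the second argument so that the connection is verified rather than trusted blindly.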