When using Active Directory over LDAPS, you can upload an SSL certificate for the LDAP traffic. SSL certificates expire after a predefined lifespan. You can view the certificate's expiration date so that you know to replace or renew the certificate before it expires.

You see certificate expiration information only if you use Active Directory over LDAP or an OpenLDAP identity source and specify an ldaps:// URL for the server.


  1. Log in as root to the vCenter Server.
  2. Run the following command.
    /opt/vmware/bin/sso-config.sh -get_identity_sources

    Ignore the SLF4J messages.

  3. To determine the expiration date, view the SSL certificate's details and verify the NotAfter field.