When using Active Directory over LDAPS, you can upload an SSL certificate for the LDAP traffic. SSL certificates expire after a predefined lifespan. You can view the certificate's expiration date so that you know to replace or renew the certificate before it expires.

vCenter Server alerts you when an active LDAP SSL certificate is close to its expiration date.

You see certificate expiration information only if you use Active Directory over LDAP or an OpenLDAP identity source and specify an ldaps:// URL for the server.


Enable SSH login to vCenter Server. See Manage vCenter Server from the vCenter Server Shell.


  1. Log in as root to the vCenter Server.
  2. Run the following command.
    /opt/vmware/bin/sso-config.sh -get_identity_sources

    Ignore the SLF4J messages.

  3. To determine the expiration date, view the SSL certificate's details and check the NotAfter field.
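
The NotAfter check in step 3 can also be scripted once the certificate is available as a PEM file. The following is an added example, not VMware code: the PEM export, the function name `cert_expiry_report` and the 30-day warning threshold are assumptions, and the demo certificate is a constructed throwaway.

```bash
#!/usr/bin/env bash
# Added example (not VMware code). Assumption: the LDAPS certificate or chain
# has been saved as a PEM file; function name and threshold are illustrative.

# cert_expiry_report PEM_FILE [WARN_DAYS]
# Prints "<status> <notAfter> <subject>" for each certificate in the file.
# Returns 0 = all OK, 1 = some EXPIRING, 2 = some EXPIRED, 3 = no certificate.
cert_expiry_report() {
    local pem=$1 warn_days=${2:-30} rc=0 tmp f end subj status
    tmp=$(mktemp -d) || return 3
    # Split a bundle into one file per certificate so each is checked.
    awk -v dir="$tmp" '
        /-----BEGIN CERTIFICATE-----/ { n++; out = sprintf("%s/cert%03d.pem", dir, n) }
        out != "" { print > out }
        /-----END CERTIFICATE-----/ { if (out != "") close(out); out = "" }
    ' "$pem"
    for f in "$tmp"/cert*.pem; do
        [ -e "$f" ] || { echo "no certificate found in $pem" >&2; rc=3; break; }
        end=$(openssl x509 -in "$f" -noout -enddate | cut -d= -f2)
        subj=$(openssl x509 -in "$f" -noout -subject | sed 's/^subject= *//')
        # -checkend N exits non-zero if the certificate expires within N seconds.
        if ! openssl x509 -in "$f" -noout -checkend 0 >/dev/null; then
            status=EXPIRED; rc=2
        elif ! openssl x509 -in "$f" -noout -checkend $((warn_days * 86400)) >/dev/null; then
            status=EXPIRING; [ "$rc" -ge 1 ] || rc=1
        else
            status=OK
        fi
        printf '%s\t%s\t%s\n' "$status" "$end" "$subj"
    done
    rm -rf "$tmp"
    return "$rc"
}

# Demo on a constructed throwaway certificate (not a real LDAPS certificate).
demo=$(mktemp -d)
openssl req -x509 -newkey rsa:2048 -nodes -days 20 -subj "/CN=ldaps.example.test" \
    -keyout "$demo/key.pem" -out "$demo/cert.pem" 2>/dev/null
cert_expiry_report "$demo/cert.pem" 30 || echo "exit status: $?"
rm -rf "$demo"
```

The non-zero exit status makes the function usable from a scheduled job that alerts ahead of the expiration date.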