For ESXi hosts that are in VMCA mode or custom mode, you can view certificate details from the vSphere Client. The certificate information enables you to determine whether any of your certificates expire soon. You can also use this information to debug certificate problems.

You cannot view certificate status information for ESXi hosts in thumbprint mode. You can view information for multiple ESXi hosts or a single ESXi host. The multiple-host view displays only the Certificate Valid To date information.

Procedure

  1. Log in to the vCenter Server by using the vSphere Client.
  2. Browse the inventory list and select the vCenter Server instance.
  3. Get the certificate information.
    Single Host or Multiple Hosts Steps
    Single
    1. Browse to the ESXi host.
    2. Click Configure.
    3. Under System, click Certificate.
    Multiple
    1. Select Hosts & Clusters > Hosts.

      By default, the Hosts display does not include the certificate status.

    2. To show or hide columns, click Manage Columns.
    3. Select the Certificate Valid To check box, and scroll to the right if necessary to view the added column.

      The certificate information displays when the certificate expires.

    4. (Optional) Deselect other columns to make it easier to see what you are interested in.
  4. Review the certificate information.
    The following information is available only in the single-host view.
    Field Description
    Subject The subject used during certificate generation.
    Issuer The issuer of the certificate.
    Valid From Date on which the certificate was generated.
    Valid To Date on which the certificate expires.
    Status Status of the certificate, one of the following.
    Good
    Normal operation.
    Expiring
    Certificate expires soon.
    Expiring shortly
    Certificate is eight months or less away from expiration (Default).
    Expiration imminent
    Certificate is two months or less away from expiration (Default).
    Expired
    Certificate is not valid because it expired.
    Note: If a host is added to vCenter Server or reconnected after a disconnect, vCenter Server renews the certificate if the status is Expired, Expiring, Expiring shortly, or Expiration imminent. The status is Expiring if the certificate is valid for less than eight months, Expiring shortly if the certificate is valid for less than two months, and Expiration imminent if the certificate is valid for less than one month.

What to do next

Renew the certificates that are about to expire. See Renew or Refresh ESXi Certificates.