View Certificate Expiration Information for ESXi Hosts

For ESXi hosts that are in VMCA mode or custom mode, you can view certificate details from the vSphere Client. The certificate information enables you to determine whether any of your certificates expire soon. You can also use this information to debug certificate problems.

You cannot view certificate status information for ESXi hosts in thumbprint mode. You can view information for multiple ESXi hosts or a single ESXi host. The multiple-host view displays only the Certificate Valid To date information.

Procedure

Log in to the vCenter Server by using the vSphere Client.
Browse the inventory list and select the vCenter Server instance.

Get the certificate information.

Single Host or Multiple Hosts	Steps
Single	Browse to the ESXi host. Click Configure. Under System, click Certificate.
Multiple	Select Hosts & Clusters > Hosts. By default, the Hosts display does not include the certificate status. To show or hide columns, click Manage Columns. Select the Certificate Valid To check box, and scroll to the right if necessary to view the added column. The certificate information displays when the certificate expires. (Optional) Deselect other columns to make it easier to see what you are interested in.

Single Host or Multiple Hosts

Steps

Single

Browse to the ESXi host.
Click Configure.
Under System, click Certificate.

Multiple

Select Hosts & Clusters > Hosts.
By default, the Hosts display does not include the certificate status.
To show or hide columns, click Manage Columns.
Select the Certificate Valid To check box, and scroll to the right if necessary to view the added column.
The certificate information displays when the certificate expires.
(Optional) Deselect other columns to make it easier to see what you are interested in.

Review the certificate information.

The following information is available only in the single-host view.

Field	Description
Subject	The subject used during certificate generation.
Issuer	The issuer of the certificate.
Valid From	Date on which the certificate was generated.
Valid To	Date on which the certificate expires.
Status	Status of the certificate, one of the following. Good Normal operation. Expiring Certificate expires soon. Expiring shortly Certificate is eight months or less away from expiration (Default). Expiration imminent Certificate is two months or less away from expiration (Default). Expired Certificate is not valid because it expired.

Note: If a host is added to vCenter Server or reconnected after a disconnect, vCenter Server renews the certificate if the status is Expired, Expiring, Expiring shortly, or Expiration imminent. The status is Expiring if the certificate is valid for less than eight months, Expiring shortly if the certificate is valid for less than two months, and Expiration imminent if the certificate is valid for less than one month.

What to do next

Renew the certificates that are about to expire. See Renew or Refresh ESXi Certificates.