You can view the certificates known to the vCenter Certificate Authority (VMCA) to see whether active certificates are about to expire, to check on expired certificates, and to see the status of the root certificate. You perform all certificate management tasks using the certificate management CLIs.

You view certificates associated with the VMCA instance that is included with your embedded deployment or with the Platform Services Controller. Certificate information is replicated across instances of VMware Directory Service (vmdir).

When you attempt to view certificates in the vSphere Web Client, you are prompted for a user name and password. Specify the user name and password of a user with privileges for VMware Certificate Authority, that is, a user in the CAAdmins vCenter Single Sign-On group.

1

Log in to vCenter Server as administrator@vsphere.local or another user of the CAAdmins vCenter Single Sign-On group.

2

Select Administration, click Deployment, and click System Configuration.

3

Click Nodes, and select the node for which you want to view or manage certificates.

4

Click the Manage tab, and click Certificate Authority.

5

Click the certificate type for which you want to view certificate information.

Option

Description

Active Certificates

Displays active certificates, including their validation information. The green Valid To icon changes when certificate expiration is approaching.

Revoked Certificates

Displays the list of revoked certificates. Not supported in this release.

Expired Certificates

Lists expired certificates.

Root Certificates

Displays the root certificates available to this instance of vCenter Certificate Authority.

6

Select a certificate and click the Show Certificate Details button to view certificate details.

Details include the Subject Name, Issuer, Validity, and Algorithm.