If you select an Active Directory LDAP Server or OpenLDAP Server identity source, and you decide to use LDAPS, you can upload an SSL certificate for the LDAP traffic. SSL certificates expire after a predefined lifespan. Knowing when a certificate expires lets you replace or renew the certificate before the expiration date.

You see certificate expiration information only if you use an Active Directory LDAP Server or OpenLDAP Server identity source and specify an ldaps:// URL for the server. The Identity Sources TrustStore tab remains empty for other types of identity sources or for ldap:// traffic.

1. Log in to the vSphere Web Client as administrator@vsphere.local or as another user with vCenter Single Sign-On administrator privileges.

   Users with vCenter Single Sign-On administrator privileges are in the Administrators group in the vsphere.local domain.

2. Browse to Administration > Single Sign-On > Configuration.

3. Click the Certificates tab, and then the Identity Sources TrustStore subtab.

4. Find the certificate and verify the expiration date in the Valid To text box.

You might see a warning at the top of the tab which indicates that a certificate is about to expire.
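
The same Valid To check can be scripted against a local copy of the certificate file that was uploaded for the identity source, which also covers files that contain more than one certificate. This is an added example, not part of the original procedure or a VMware tool; it assumes the openssl command-line tool is installed, and the function name check_bundle, the file name in the usage comment, and the 30-day default are illustrative.

```shell
#!/bin/sh
# Added example: report which certificates in a PEM file expire within N days.
# The file is an assumed local copy of what was uploaded for the ldaps://
# identity source; check_bundle and the 30-day default are illustrative.

check_bundle() {
    bundle=$1
    days=${2:-30}
    tmp=$(mktemp -d) || return 2

    # openssl x509 reads only the first certificate in a file, so write each
    # BEGIN/END block of the bundle to its own file before checking it.
    awk -v dir="$tmp" '
        /-----BEGIN CERTIFICATE-----/ { n++; out = sprintf("%s/cert%03d.pem", dir, n) }
        out != "" { print > out }
        /-----END CERTIFICATE-----/ { if (out != "") close(out); out = "" }
    ' "$bundle"

    status=0
    found=0
    for pem in "$tmp"/cert*.pem; do
        [ -f "$pem" ] || continue
        found=1
        subject=$(openssl x509 -in "$pem" -noout -subject)
        end=$(openssl x509 -in "$pem" -noout -enddate)
        # -checkend exits 0 if the certificate is still valid N seconds from now.
        if openssl x509 -in "$pem" -noout -checkend $((days * 86400)) >/dev/null; then
            echo "OK       ${end#notAfter=}  $subject"
        else
            echo "EXPIRING ${end#notAfter=}  $subject"
            status=1
        fi
    done
    rm -rf "$tmp"

    if [ "$found" -eq 0 ]; then
        echo "no certificates found in $bundle" >&2
        return 2
    fi
    return "$status"
}

# Usage: sh check_bundle.sh ldaps-chain.pem 45
if [ "$#" -gt 0 ]; then
    check_bundle "$@"
fi
```

The function returns 0 when every certificate is valid past the threshold, 1 when at least one is not, and 2 when the file contains no certificates, so it can be run from a scheduled job that alerts on a nonzero exit.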