Knowledge Base

The VMware Knowledge Base provides support solutions, error messages and troubleshooting guides
Search the VMware Knowledge Base (KB)   View by Article ID

Determining the expiry period of default SSL certificates of vCenter Server and ESX/ESXi (2015600)


This article provides steps to find the expiry period of the default SSL certificates of vCenter Server and ESX and ESXi.


The default SSL certificates of vCenter Server are valid for 10 years and that of ESX/ESXi 4.x/5.x are valid for a period of 11.5 years.

To check the expiry date of SSL certificates on vCenter Server:
  1. Open the vSphere Client and connect to the vCenter Server and log in.
  2. In the Security Warning dialog, click View Certificate and check the Valid from mm/dd/yy to mm/dd/yy field for the expiry information.
  3. Click OK.
  4. Click Ignore to complete log in.
Note: Sometimes when connecting to vCenter Server, a user is not prompted with a Security Warning dialog box as they have previously connected to it and selected the ignore check box. To ensure that the Security Warning dialog box does pop-up (to verify when SSL certificate expires):
  1. Connect to the vCenter Server using theĀ IP address.
  2. Try connecting from a different vSphere Client.
  3. Remove the registry entries that relate to the ignore check box:

    HKEY_CURRENT_USER\Software\VMware\Virtual Infrastructure Client\Preferences\UI\SSLIgnore

To check the expiry date in ESX/ESXi:
  1. Log in to an ESX host as the root user.

  2. Run this command:

    openssl x509 -noout -in /etc/vmware/ssl/rui.crt -enddate

    You see an output similar to:

    # openssl x509 -noout -in /etc/vmware/ssl/rui.crt -enddate
    notAfter=Aug 24 21:48:47 2023 GMT

To check the expiry date using openssl from a windows platform:

  • Download and install openssl for Windows and install it to c:\openssl, and run these commands:

    • echo "" | openssl s_client -connect (ip address of ESX host):443 > certificate
    • openssl x509 -noout -in certificate -enddate

      You see an output similar to:

      C:\openssl x509 -noout -in certificate -enddate
      notAfter=Aug 24 17:29:21 2023 GMT

See Also

Update History

03/26/2012 - Added checking expiry date from windows 03/26/2012 - Added remove registry entries

Request a Product Feature

To request a new product feature or to provide feedback on a VMware product, please visit the Request a Product Feature page.


  • 8 Ratings

Did this article help you?
This article resolved my issue.
This article did not resolve my issue.
This article helped but additional information was required to resolve my issue.
What can we do to improve this information? (4000 or fewer characters)
  • 8 Ratings