Today I had an interesting question (at least to me) about the validity period of vCenter's SSL certificates. Based on this link (http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1009092), the validity of the default SSL certificate is 2 years for vCenter 2.5 and 10 years for vCenter 4.x. So has that changed from v5.x onwards? Let's see.

I grabbed rui.crt from my lab vCenter (C:\Documents and Settings\All Users\Application Data\VMware\VMware VirtualCenter\SSL) and ran it through a free online tool. You can also use openssl on Linux, import the certificate into a Windows CA, etc., but I find this the easiest and fastest way. Open the rui.crt file in notepad.exe, copy the contents, and paste them into the text box at this URL: https://www.sslshopper.com/certificate-decoder.html

You should see the decoded contents of your certificate, e.g.:


Similarly, to find out the validity for ESXi, enable SSH in your ESXi services, scp into ESXi, and go to /etc/vmware/ssl. Grab the file, copy its contents, and run them through the same URL.

This is the result.


So the validity is still 10 years in vCenter 5.x, but for ESXi it seems to be 12 years.
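The same check can be done locally with openssl, which is mentioned above as an alternative to the web decoder. The script below is an added example, not part of the original post; it assumes a Linux workstation with openssl and GNU date, PEM-encoded certificate files copied from vCenter or ESXi, and function names chosen here for illustration.

```bash
#!/bin/sh
# Added example: report certificate validity locally with openssl.
# Assumptions: GNU date (Linux) and PEM-encoded certificate files.

# Days between two openssl-style timestamps, e.g. "Jan  1 00:00:00 2015 GMT".
validity_days() {
    start=$(date -u -d "$1" +%s) || return 1
    end=$(date -u -d "$2" +%s) || return 1
    echo $(( (end - start) / 86400 ))
}

# Render a day count as years with one decimal (365-day years, truncated).
days_to_years() {
    tenths=$(( $1 * 10 / 365 ))
    printf '%d.%d\n' $(( tenths / 10 )) $(( tenths % 10 ))
}

# Print validity window, total lifetime and time remaining for one certificate.
cert_report() {
    file=$1
    dates=$(openssl x509 -in "$file" -noout -startdate -enddate) || {
        echo "$file: not a readable PEM certificate" >&2
        return 1
    }
    not_before=$(printf '%s\n' "$dates" | sed -n 's/^notBefore=//p')
    not_after=$(printf '%s\n' "$dates" | sed -n 's/^notAfter=//p')
    days=$(validity_days "$not_before" "$not_after") || return 1
    secs_left=$(( $(date -u -d "$not_after" +%s) - $(date -u +%s) ))
    echo "$file"
    echo "  valid from : $not_before"
    echo "  valid until: $not_after"
    echo "  lifetime   : $days days (~$(days_to_years "$days") years)"
    if [ "$secs_left" -lt 0 ]; then
        echo "  status     : EXPIRED $(( -secs_left / 86400 )) days ago"
    else
        echo "  status     : $(( secs_left / 86400 )) days remaining"
    fi
}

# Usage: ./cert-validity.sh rui.crt [more.crt ...]
if [ "$#" -gt 0 ]; then
    for f in "$@"; do cert_report "$f"; done
fi
```

Run it with the vCenter rui.crt and the ESXi certificate file as arguments to compare both lifetimes side by side.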

Hope this helps anyone who has a security colleague with this burning question in mind. :)


