How to check when RHV certificates expire?

Solution Verified - Updated 24 Feb 2026

Environment

RHV 4.x

Issue

How do I check expiration dates of RHV certificates?

Resolution

Attached to this KCS is a script named cert_date.sh, which is intended to provide an overview of RHV-M and host certificates.
Copy the script to RHV-M:

# cd /path/of/script
# chmod +x cert_date.sh
# ./cert_date.sh
This script will check certificate expiration dates

Checking RHV-M Certificates...
=================================================
  /etc/pki/ovirt-engine/ca.pem:                          Aug  4 20:15:09 2030 GMT
  /etc/pki/ovirt-engine/certs/apache.cer:                Oct 12 18:55:18 2022 GMT
  /etc/pki/ovirt-engine/certs/engine.cer:                Apr 26 17:02:23 2023 GMT
  /etc/pki/ovirt-engine/qemu-ca.pem                      Aug  4 20:15:16 2030 GMT
  /etc/pki/ovirt-engine/certs/websocket-proxy.cer        Apr 26 17:02:24 2023 GMT
  /etc/pki/ovirt-engine/certs/jboss.cer                  Apr 26 17:02:24 2023 GMT
  /etc/pki/ovirt-engine/certs/ovirt-provider-ovn         Jul 11 20:15:15 2025 GMT
  /etc/pki/ovirt-engine/certs/ovn-ndb.cer                Jul 11 20:15:15 2025 GMT
  /etc/pki/ovirt-engine/certs/ovn-sdb.cer                Jul 11 20:15:15 2025 GMT
  /etc/pki/ovirt-engine/certs/vmconsole-proxy-helper.cer Jul 11 20:15:45 2025 GMT
  /etc/pki/ovirt-engine/certs/vmconsole-proxy-host.cer   Jul 11 20:15:45 2025 GMT
  /etc/pki/ovirt-engine/certs/vmconsole-proxy-user.cer   Jul 11 20:15:45 2025 GMT


Checking Host Certificates...

Host: rhvh-1.example.com
=================================================
  /etc/pki/vdsm/certs/vdsmcert.pem:              May 31 18:16:51 2023 GMT
  /etc/pki/vdsm/libvirt-spice/server-cert.pem:   May 31 18:16:51 2023 GMT
  /etc/pki/vdsm/libvirt-vnc/server-cert.pem:     Sep 23 19:22:37 2025 GMT
  /etc/pki/libvirt/clientcert.pem:               May 31 18:16:51 2023 GMT
  /etc/pki/vdsm/libvirt-migrate/server-cert.pem: May 31 18:16:52 2023 GMT


Host: rhvh-2.example.com
=================================================
  /etc/pki/vdsm/certs/vdsmcert.pem:              Jul 12 20:46:06 2022 GMT
  /etc/pki/vdsm/libvirt-spice/server-cert.pem:   Jul 12 20:46:06 2022 GMT
  /etc/pki/vdsm/libvirt-vnc/server-cert.pem:     Aug  5 20:59:29 2025 GMT
  /etc/pki/libvirt/clientcert.pem:               Jul 12 20:46:06 2022 GMT
  /etc/pki/vdsm/libvirt-migrate/server-cert.pem: Jul 12 20:46:07 2022 GMT

Note: Not all of these certificates may exist, for example if ovn and/or websocket proxy were not configured, they will not exist and may show file not found or similar. This is expected if those components were not configured.

Root Cause

RHV Certificates have changed in length in RHV 4.4 to 398 days
- see KCS 6865861 for additional details on renewing certificates.

SBR

Virtualization

Product(s)

Red Hat Virtualization

Category

Troubleshoot

This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.