Hi @Tanul ,
Thank you for your question.
The kubectl client has a certificate for communicating with the AKS cluster; the certificate can be found in the kubeconfig file (~/.kube/config by default).
The certificate is valid for 2 years, and is rotated/updated automatically for clusters created after May 2019.
To check the expiration date for the kubectl certificate, run the below command after changing the name:
kubectl config view --raw -o jsonpath="{.users[?(@.name == 'clusterUser_rg_myAKSCluster')].user.client-certificate-data}" | base64 -d | openssl x509 -text | grep -A2 Validity
Please check this document for all the needed information regarding AKS certificates.
Please Accept the answer if the information helped you. This will help us and others in the community as well.
Thank you.
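
The check from the answer above, turned into a script whose exit status can feed monitoring; this is an added example, not part of the original answer. It uses `openssl x509 -checkend` instead of reading the Validity block by eye. The function names, the 30-day default threshold and the throwaway sample certificate are assumptions made for illustration.

```shell
#!/usr/bin/env bash
# Added example (not from the original answer). Function names and the
# 30-day default threshold are assumptions.

# Read base64 client-certificate-data on stdin, print the notAfter date.
cert_not_after() {
  base64 -d | openssl x509 -noout -enddate | cut -d= -f2
}

# Read base64 client-certificate-data on stdin; succeed only if the
# certificate is still valid $1 days from now.
cert_valid_for_days() {
  base64 -d | openssl x509 -noout -checkend "$(( $1 * 86400 ))" >/dev/null
}

# Same jsonpath query as the command in the answer, for kubeconfig user $1.
kubeconfig_cert_data() {
  kubectl config view --raw \
    -o jsonpath="{.users[?(@.name == '$1')].user.client-certificate-data}"
}

# Report on user $1 with threshold $2 days (default 30).
# Returns 0 = fine, 1 = expired or expiring within the threshold,
# 2 = the user entry carries no embedded client certificate.
check_kubeconfig_user() {
  data="$(kubeconfig_cert_data "$1")"
  if [ -z "$data" ]; then
    echo "user '$1': no client-certificate-data in kubeconfig" >&2
    return 2
  fi
  expiry="$(printf '%s' "$data" | cert_not_after)"
  if printf '%s' "$data" | cert_valid_for_days "${2:-30}"; then
    echo "user '$1': OK, expires $expiry"
  else
    echo "user '$1': RENEW, expires $expiry"
    return 1
  fi
}

# Constructed sample input: a throwaway self-signed certificate valid for
# $1 days, base64-encoded the way kubeconfig stores it. For offline testing.
sample_cert_data() {
  openssl req -x509 -newkey rsa:2048 -nodes -keyout /dev/null \
    -subj "/CN=sample-user" -days "$1" 2>/dev/null | base64 | tr -d '\n'
}

# Usage: check_kubeconfig_user clusterUser_rg_myAKSCluster 30
```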