Translate this site using Windows Live Translator:
Tool to determine the validity dates of your application manifests. - RMS: Protecting Your Assets. - Site Home - TechNet Blogs

RMS: Protecting Your Assets.

The Protecting 'My' Asset Disclaimer: This is my 'un-official', 'in my spare time', 'use at your own risk', all things RMS (Rights Management Services), IRM (Information Rights Management), IPP (Information Protection Pla

Tool to determine the validity dates of your application manifests.

Tool to determine the validity dates of your application manifests.

  • Comments 3
  • Likes

As I'm sure many of the people subscribed to this blog have realized, it is important to be able to discover the validity dates in your application manifests to determine if and when a particular cert-chain will expire so you can take appropriate actions prior to the chain expiration.

Here is a tool that you can use to accomplish that task (Disclaimer: This tool is completely unsupported so use it at your own risk.).

GetCertChainDates

Instructions for GetCertChainDates

Pre-requisites:

 

·         Microsoft .Net Framework v2.0 or above. 

Usage instructions:

 

·         Copy the GetCertChainDates.zip to your machine and extract the GetCertChainDates.exe tool

·         From a command line use GetCertChainDates as follows: 

o   GetCertChainDates.exe  <path_to_manifest_file>

or

o   GetCertChainDates.exe -s <location_to_search>

·         Example:

o   GetCertChainDates.exe OLKIRM.XML

or

o   GetCertChainDates.exe -s "c:\Program Files"

How to read the output of the tool:

 

Example output:

 

ValidUntil

Cert 0

2017-01-01T00:00

Cert 1

2017-07-10T21:38

Cert 2

2015-06-01T22:57

Cert 3

2015-11-29T21:30

Cert 4

2015-11-26T23:49

 

 

 

 

 

 

 

 

The earliest date in the ValidUntil column is the date when the manifest will expire and the application will no longer be able to access/create AD RMS protected content.

Hope this tool is usefull for people.

-Jason

Comments
  • Thanks for this tool!

    What does it mean if it tells that Cert 0 is ValidUntil 'none'?

    Cert 0: none

    Cert 1: 2020-11-12T00:03

    Cert 2: 2015-06-01T22:57

    Cert 3: 2015-11-29T21:30

    Cert 4: 2015-11-26T23:49

    Is there something wrong with the manifest??

    Thanks!

    Uwe

  • "none" means the certificate has no validity-time range. For cert 0 zero this just means the certificate should always be considered valid, i.e. nothing to worry about.

  • you should have mentioned the "- v" flag more prominently...

    How to proceed, when the "IssueRightUntil" of Cert-1 has expired?

    Do we need a new production certificate???

    Thanks,

    Dilettanto

Your comment has been posted.   Close
Thank you, your comment requires moderation so it may take a while to appear.   Close
Leave a Comment