As I'm sure many of the people subscribed to this blog have realized, it is important to be able to discover the validity dates in your application manifests to determine if and when a particular cert-chain will expire so you can take appropriate actions prior to the chain expiration.
Here is a tool that you can use to accomplish that task (Disclaimer: This tool is completely unsupported so use it at your own risk.).
Instructions for GetCertChainDates
· Microsoft .Net Framework v2.0 or above.
· Copy the GetCertChainDates.zip to your machine and extract the GetCertChainDates.exe tool
· From a command line use GetCertChainDates as follows:
o GetCertChainDates.exe <path_to_manifest_file>
o GetCertChainDates.exe -s <location_to_search>
o GetCertChainDates.exe OLKIRM.XML
o GetCertChainDates.exe -s "c:\Program Files"
The earliest date in the ValidUntil column is the date when the manifest will expire and the application will no longer be able to access/create AD RMS protected content.
Hope this tool is usefull for people.
Thanks for this tool!
What does it mean if it tells that Cert 0 is ValidUntil 'none'?
Cert 0: none
Cert 1: 2020-11-12T00:03
Cert 2: 2015-06-01T22:57
Cert 3: 2015-11-29T21:30
Cert 4: 2015-11-26T23:49
Is there something wrong with the manifest??
"none" means the certificate has no validity-time range. For cert 0 zero this just means the certificate should always be considered valid, i.e. nothing to worry about.
you should have mentioned the "- v" flag more prominently...
How to proceed, when the "IssueRightUntil" of Cert-1 has expired?
Do we need a new production certificate???