Udostępnij za pośrednictwem


Tool to determine the validity dates of your application manifests.

As I'm sure many of the people subscribed to this blog have realized, it is important to be able to discover the validity dates in your application manifests to determine if and when a particular cert-chain will expire so you can take appropriate actions prior to the chain expiration.

Here is a tool that you can use to accomplish that task (Disclaimer: This tool is completely unsupported so use it at your own risk.).

GetCertChainDates

Instructions for GetCertChainDates

Pre-requisites:

· Microsoft .Net Framework v2.0 or above.

Usage instructions:

· Copy the GetCertChainDates.zip to your machine and extract the GetCertChainDates.exe tool

· From a command line use GetCertChainDates as follows:

o GetCertChainDates.exe <path_to_manifest_file>

or

o GetCertChainDates.exe -s <location_to_search>

· Example:

o GetCertChainDates.exe OLKIRM.XML

or

o GetCertChainDates.exe -s "c:\Program Files"

How to read the output of the tool:

Example output:

ValidUntil

Cert 0

2017-01-01T00:00

Cert 1

2017-07-10T21:38

Cert 2

2015-06-01T22:57

Cert 3

2015-11-29T21:30

Cert 4

2015-11-26T23:49

The earliest date in the ValidUntil column is the date when the manifest will expire and the application will no longer be able to access/create AD RMS protected content.

Hope this tool is usefull for people.

-Jason

Comments

  • Anonymous
    January 01, 2003
    Thanks for this tool! What does it mean if it tells that Cert 0 is ValidUntil 'none'? Cert 0: none Cert 1: 2020-11-12T00:03 Cert 2: 2015-06-01T22:57 Cert 3: 2015-11-29T21:30 Cert 4: 2015-11-26T23:49 Is there something wrong with the manifest?? Thanks! Uwe

  • Anonymous
    January 01, 2003
    "none" means the certificate has no validity-time range. For cert 0 zero this just means the certificate should always be considered valid, i.e. nothing to worry about.

  • Anonymous
    September 14, 2012
    you should have mentioned the "- v" flag more prominently... How to proceed, when the "IssueRightUntil" of Cert-1 has expired? Do we need a new production certificate??? Thanks, Dilettanto