Tool to determine the validity dates of your application manifests.

As I'm sure many of the people subscribed to this blog have realized, it is important to know the validity dates in your application manifests. They tell you if and when a particular cert-chain will expire, so you can take appropriate action before the chain expires.

Here is a tool that you can use to accomplish that task. (Disclaimer: this tool is completely unsupported, so use it at your own risk.)


Instructions for GetCertChainDates



·  Microsoft .Net Framework v2.0 or above.

Usage instructions:

·  Copy the to your machine and extract the GetCertChainDates.exe tool

·  From a command line use GetCertChainDates as follows:

   o  GetCertChainDates.exe <path_to_manifest_file>

   o  GetCertChainDates.exe -s <location_to_search>

·  Example:

   o  GetCertChainDates.exe OLKIRM.XML

   o  GetCertChainDates.exe -s "c:\Program Files"

How to read the output of the tool:


Example output:



Cert 0


Cert 1


Cert 2


Cert 3


Cert 4










The earliest date in the ValidUntil column is the date when the manifest will expire and the application will no longer be able to access/create AD RMS protected content.
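To automate the rule above, the following added example (not part of the original post or of the GetCertChainDates tool) picks the earliest ValidUntil date in a chain and flags a manifest that is expired or close to expiry. The "Cert N: <date>" line layout is an assumption modelled on the lines quoted in the comments below, the 90-day warning window is an arbitrary choice, and "none" is treated as no expiry, as the second comment describes.

```python
import re
from datetime import datetime, timedelta

# Sample input: the ValidUntil values quoted in the first comment on this page.
# The "Cert N: value" layout is assumed; the tool's real table may differ.
SAMPLE = """\
Cert 0: none
Cert 1: 2020-11-12T00:03
Cert 2: 2015-06-01T22:57
Cert 3: 2015-11-29T21:30
Cert 4: 2015-11-26T23:49
"""

LINE_RE = re.compile(r"^\s*Cert\s+(\d+)\s*:\s*(\S+)\s*$")


def parse_valid_until(text):
    """Return {cert_index: datetime or None}; None means no validity range."""
    certs = {}
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # ignore headers and any other non-matching lines
        idx, value = int(m.group(1)), m.group(2)
        # An unparseable date raises ValueError rather than being skipped.
        certs[idx] = (None if value.lower() == "none"
                      else datetime.strptime(value, "%Y-%m-%dT%H:%M"))
    return certs


def manifest_expiry(certs):
    """Earliest ValidUntil as (cert_index, datetime), or None if nothing expires."""
    dated = [(when, idx) for idx, when in certs.items() if when is not None]
    if not dated:
        return None
    when, idx = min(dated)
    return idx, when


def status(certs, now, warn_days=90):
    """Classify the manifest as 'OK', 'WARN' (inside the window) or 'EXPIRED'."""
    expiry = manifest_expiry(certs)
    if expiry is None:
        return "OK"
    _, when = expiry
    if when <= now:
        return "EXPIRED"
    return "WARN" if when - now <= timedelta(days=warn_days) else "OK"
```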

Hope this tool is useful for people.


Comments (3)


  1. Anonymous says:

    Thanks for this tool!

    What does it mean if it tells that Cert 0 is ValidUntil ‘none’?

    Cert 0: none

    Cert 1: 2020-11-12T00:03

    Cert 2: 2015-06-01T22:57

    Cert 3: 2015-11-29T21:30

    Cert 4: 2015-11-26T23:49

    Is there something wrong with the manifest??



  2. Anonymous says:

    "none" means the certificate has no validity-time range. For cert 0 this just means the certificate should always be considered valid, i.e. nothing to worry about.

  3. Dilettanto says:

    you should have mentioned the "- v" flag more prominently…

    How to proceed, when the "IssueRightUntil" of Cert-1 has expired?

    Do we need a new production certificate???


