What Jukka suggests is that you can check the certificates on a given .sis file using the same signsis utility that can sign .sis files. I guess the switch is /o, but a signsis /? will certainly tell. Then you will see the expiry dates of certificates.