Hi Cameron,
You can use keytool.exe that is included in your JRE install to accomplish this.
Keep in mind for version 15.1 the default keystore folder is in c:\ProgramData now and not in your Symantec DLP local directory.
D:\SymantecDLP\Server JRE\1.8.0_162\bin>keytool.exe -list -v -keystore "C:\ProgramData\Symantec\Data Loss Prevention\Enforce Server\15.1\keystore\monitor6_keystore_v1.jks"
(Default password is protect, unless this was modified during key creation. Also, sometimes the default password is just blank and hitting enter at the password prompt will display the keystore contents)
This should display the certificate details ... you can narrow down the output with a | findstr "Valid from"
Which will display 2 lines ... the first is your Monitor server certificate and the 2nd is the Enforce Root CA
Hope this helps!
Cheers
Andy