diff --git a/build.xml b/build.xml
index c30079ae..56661b0a 100644
--- a/build.xml
+++ b/build.xml
@@ -2426,7 +2426,7 @@
-
+
diff --git a/utilities/check_embedded.pl b/utilities/check_embedded.pl
index 8f324cef..8272fccd 100755
--- a/utilities/check_embedded.pl
+++ b/utilities/check_embedded.pl
@@ -13,7 +13,7 @@
 #
 # Command line options:
 #
-# -q quiet don't print anything out if there are no problems detected
+# check_embedded.pl whitelistfile inputfile
 #
 #
@@ -31,22 +31,6 @@
 #
 my $longExpiredDays = 30*3; # about three months
-#
-# Load expiry whitelist.
-#
-open(WL, 'expiry_whitelist.txt') || die "can't open certificate expiry whitelist";
-while () {
- # fold lines
- while (/^(.*)\\\s*$/) {
- chomp;
- $_ .= ' ' . ;
- }
- next if /^\s*#/; # drop comments
- next if /^\s*$/; # drop blank lines
- my ($fingerprint) = split;
- $expiry_whitelist{uc $fingerprint} = 'unused';
-}
-
 sub error {
 my($s) = @_;
 push(@olines, ' *** ' . $s . ' ***');
@@ -67,10 +51,7 @@ sub comment {
 #
 # Process command-line options.
 #
-while (@ARGV) {
- $arg = shift @ARGV;
- $quiet = 1 if $arg eq '-q';
-}
+$whitelistfile = shift @ARGV;
 #
 # Hash of already-seen blobs.
@@ -106,6 +87,22 @@ sub comment {
 my $total_certs = 0;
+#
+# Load expiry whitelist.
+#
+open(WL, $whitelistfile) || die "can't open certificate expiry whitelist $whitelistfile";
+while () {
+ # fold lines
+ while (/^(.*)\\\s*$/) {
+ chomp;
+ $_ .= ' ' . ;
+ }
+ next if /^\s*#/; # drop comments
+ next if /^\s*$/; # drop blank lines
+ my ($fingerprint) = split;
+ $expiry_whitelist{uc $fingerprint} = 'unused';
+}
+
 while (<>) {
 #
@@ -369,7 +366,7 @@ sub comment {
 #
 # Print any interesting things related to this certificate.
 #
- if ($printme || !$quiet) {
+ if ($printme) {
 foreach $oline (@olines) {
 print $oline, "\n";
 }
diff --git a/utilities/expiry_whitelist.txt b/utilities/expiry_whitelist.txt
deleted file mode 100644
index e3fd21fa..00000000
--- a/utilities/expiry_whitelist.txt
+++ /dev/null
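Review bot: `$whitelistfile = shift @ARGV;` in the option-processing hunk never checks that an argument was actually given, so a run without one only fails later at the open, with an empty name in the message. A run with a single argument appears to take the metadata input as the whitelist and leave `<>` reading standard input. Because this list decides which expired certificates go unreported, a missing path should stop the script at once, for example `defined $whitelistfile or die "usage: check_embedded.pl whitelistfile inputfile\n";` directly after the shift. The header comment in the first hunk now holds a usage line but still sits under "Command line options:", so that heading should be reworded to match.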
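Review bot: The relocated `open(WL, $whitelistfile)` is a two-argument open on a name that now comes from the command line, so Perl interprets any mode characters at the start or end of that argument instead of treating them as part of a file name; with the old literal `'expiry_whitelist.txt'` this could not happen. Switch to the three-argument form and include the OS error: `open(WL, '<', $whitelistfile) || die "can't open certificate expiry whitelist $whitelistfile: $!";`. The loop also takes the first field of every non-comment line as a fingerprint without checking its shape, so a mistyped entry is stored silently; a short comment noting this, or a format check before the assignment to `%expiry_whitelist`, would make the suppression list easier to audit. The code that later consumes `%expiry_whitelist` is outside this hunk.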
@@ -1,73 +0,0 @@
-#
-# expiry_whitelist.txt
-#
-# This file lists certificates whose expiry should be ignored for some
-# reason.
-#
-# Lines can be continued by ending them with a '\'.
-# Blank lines, and lines starting with a '#', are ignored.
-#
-# The format of lines describing a whitelisted certificate is a series
-# of fields separated by spaces or tabs (standard Perl fields).
-#
-# Field 1: SHA-1-fingerprint for the certificate
-# Field 2: reason code
-#
-# Subsequent fields are ignored, and can be used as a comment.
-#
-# Combining the above:
-#
-# A9:16:56:BB:5C:0C:27:BE:B4:D0:3B:CF:A8:DA:1D:8E:37:54:00:4A reason \
-# this is a comment describing the certificate. Entity uk123456. Call 9999.
-#
-# Common reason codes:
-# * none
-#
-B1:1A:B2:19:0E:7E:2B:97:C4:6A:AA:D8:97:F6:09:BE:E3:81:EB:D6 \
- Certificate expired for a "e-academy Incorporated: OnTheHub" Shibboleth SP for e-academy Incorporated. Entity uk001473. Call 6592.
-
-43:39:DB:D5:08:1C:87:7A:F5:72:6E:60:80:7F:CA:AC:B5:A2:94:1B \
- Certificate expired in a Palgrave Macmillan staging SP. Entity uk001446. Call 7663.
-
-4D:4B:09:FF:2E:E3:36:77:CD:65:59:94:DE:28:CF:8B:51:55:90:E4 \
- Certificate expired in an 'RM Easymail Plus' Shibboleth SP owned by RM Education plc. Entity uk001483. Call 8254.
-
-F9:04:F9:4A:4B:D4:7D:30:42:88:64:1B:C8:51:EF:CC:43:D9:30:10 \
- Certificate expired - no reply from Kindit Ltd (Picturemaxx) - call 10305.
-
-4D:DE:9C:CB:68:F7:EB:FF:A2:E9:CC:A0:1A:9F:9D:9D:86:DA:C2:97 \
- Certificate expired in a Shibboleth IdP for Hopwood Hall College. Entity uk001648. Call 10211.
-
-90:A3:BB:7B:C3:8E:EB:57:8D:DA:4E:42:01:64:3B:11:D9:B4:F5:75 \
- Certificate expires 8 January 2015 - merger - Stourbridge College. Entity uk001743. Call 11565.
-
-64:44:D0:DF:86:52:F3:CD:3D:D6:75:8F:8E:84:82:92:7F:4E:93:C3 \
- Certificate expired 10 April 2015 - Dawson Shibboleth SP for Semantico Limited. Entity uk002112. Call 12202.
-
-AD:08:96:85:E3:C1:50:AD:31:4C:6D:B2:74:78:40:21:20:5A:7D:D3 \
- Certificate expired 10 Jan 2016 - Cardiff pre-prod IdP. Entity uk001170. Call 14603.
-
-92:11:9D:AC:9D:B2:6E:97:1D:10:CC:FD:30:48:EB:04:0F:91:7E:B3 \
- Certificate expired 25 Jan 2016 - Janet community site staging SP. Entity uk002056. Call 14681.
-
-AC:61:A4:E0:0B:93:13:AD:30:B4:25:3E:34:09:BB:89:4D:97:9A:C4 \
- Old certificate expired 29 Jan 2016 - Lancaster and Morecambe College IdP. Entity uk001215. Call 14774.
-
-F7:E4:37:53:85:79:7D:41:B2:8A:ED:D5:6B:D4:21:57:FE:59:F3:05 \
- Old certificate expired 16 Nov 2015 - Cadbury Sixth Form College IdP. Entity uk001150. Call 14032.
-
-3D:68:7B:71:14:31:20:6F:19:49:C4:34:CE:AE:B0:00:68:60:FF:46 \
- Expired certificate in an unused staging IdP - University of Essex. Entity uk001359. Call 15615.
-
-94:E5:25:42:BC:70:9C:19:75:07:1E:9A:58:EE:C4:A7:D6:BA:97:2B \
- Expired certificate (23/04/16) in an unused Shibboleth IdP for Totton College. Entity uk000231. Call 15316.
-
-F3:63:1C:35:CC:BC:FD:E7:A4:B7:3B:C8:54:FF:AF:0F:0F:A2:66:04 \
- Expired certificate (26/07/16) for a Shibboleth test IdP for Canterbury Christ Church University. Entity uk002469. Call 15960.
-
-13:C7:EB:D0:42:30:4A:41:40:1C:6F:F8:08:AA:EB:89:B2:31:05:2B \
- Expired certificate (09/05/2016) for a Shibboleth IdP for King George V College. Entity uk001322. Call 15465.
-
-F6:FF:A2:1A:61:1A:05:C0:2A:A3:5B:30:63:95:32:7D:16:39:D7:05 \
- Expired certificate in IdP for Henley College Coventry (uk001729) which is being replaced - SR00113049
-# END