I thought I'd share this info in case others have the same problem:
I have been signing Jar files for several years using Java 1.6, 1.7 and typically have used self-signed certs, installed to the Windows keystore and signing directly from that keystore using
jarsigner -storetype Windows-MY -tsa "<timestampservice>" Target .jar "keyalias"
However upgrading to Java 1.8 causes this to fail as well as attempting to sign directly from the exported pkcs12 (.pfx) keystore file as:
jarsigner -storetype pkcs12 -keystore MyPKCS12File.pfx Target.jar "keyalias"
(signing this way DID work properly in Java 1.7).
A workaround is to import the public/private key from the pfx file into a Java keystore (say MySigKeyStore for example below) like so:
keytool -v -importkeystore -srckeystore MyPKCS12File.pfx -srcstoretype PKCS12 -destkeystore MySigKeyStore -deststoretype JKS
After this is done (with possibly creating a new Java keytore file if not already found), the alias for accessing this key can be found by:
keytool -list -v -keystore MySigKeyStore
Now, jars can be signed from that Java store entry (with 2 pswd prompts, one for the keystore and one for the protected private key ...by default same as for the pfx/pkcs12 file)
jarsigner -keystore MySigKeyStore -tsa "timestampservice" Target.jar "keyalias"
jarsigner -verify -verbose Target.jar
now shows the Timestamping status in some detail (added in Java 1.8?)