We have a code signing certificate that is set to expire on Feb. 19th. In an effort to be proactive, we started testing by setting the date ahead. We determined that with Java 8, setting the date ahead more than 2 weeks (even when it was before our expiration date), caused it to fail. It appears this is a 'limitation' with the OCSP server, as skipping that check made it work. We are now within 2 weeks of our expiration date, and the OCSP call is still failing if we set the date past our expiration date. I have found threads that discuss this issue (https://bugs.openjdk.java.net/browse/JDK-8047702) which report this started happening in Java 8 Update 5. I ran our test against the first version of Java 8, and sure enough it worked. As soon as I put Update 5 or any newer release on, it started to fail again.
As I was performing all my testing, i did notice that the 'Update' button in Java Control Panel fails if the date is set ahead over a week. This has me thinking that there is a chance that once we get within a week of our certificate expiration date, there is still a chance Java 8 will work, but I'm afraid that is just wishful thinking.
Does anyone know if this will ever work? Is anyone successfully using Java 8 with a timestamped jar file signed with an expired certificate? It works fine in Java 7.