使用Java 5 SE和更高版本,签名证书过期的签名jar将继续有效.但是,过期的证书不能用于签署任何进一步的jar.

From Oracle’s docs：

Prior to J2SE 5.0,the signature generated by jarsigner contained no information about w hen the signature was generated. With no other information available,systems/deployers (including users of the Java Plug-in) often based their validity assessment of a signed JAR file on the validity of the signing certificate. When the signing certificate expires,systems/deployers conclude that the signature,and hence,the JAR file,has expired. Because signing certificates typically expire annually,this caused customers significant problems by forcing them to re-sign deployed JAR files annually.

Starting in J2SE 5.0,jarsigner can generate signatures that include a timestamp,thus enabling systems/deployer (including Java Plug-in) to check whether the JAR file was signed while the signing certificate was still valid. In addition,APIs were added in J2SE 5.0 to allow applications to obtain the timestamp information.