jarsigner keeps on working after code signing certificate expired and OpenWebStart is also OK with it?

I am very confused. I have a project using OpenWebStart on top of OpenJDK 17 (started with J8 years ago). We are signing all JARs needed using a code signing cert purchased from a known CA. The code signing cert expired yesterday.

I ran a build today, and even though the logs now say the cert is expired, the build and JAR signing pass and the JNLP file can be launched with no issues, no prompts or anything. Everything seems to magically keep on working.

Can someone explain this? I would expect the build to fail and the browser/OWS runtime to reject the JAR download due to the fact that they aren't signed with a valid cert... I am confused. Any comments would be appreciated. Thanks.

BTW, this is the log output for a sample JAR signing. As you can see, it expired:

  [signjar] The signer certificate expired on 2024-03-09. However, the JAR will be valid until the timestamp expires on 2031-11-10.
  [signjar] jar signed.