When a signed applet is verified and the certificate has expired, there is no way to tell if the applet was signed when the certificate was still valid. The
current validation policy assumes applet to be untrusted if the certificate has
expired, but they cause side effect to well deployed massive application to
popup security warning unnecessary.
Solution: Build timestamping directly into signing tool, so validation process
may take place in Java Plug-in or Java Web Start by validating the timestamp.
Timestamping of signed jar files is covered in 4500302