This article is an interesting read for people unaware of the security changes introduced in 1.7.0_25. Within the article is the quote "Enterprises with managed networks and without access to the Internet (resulting in no access to the revocation services provided by Certificate Authorities) will see a significant delay in startup times." I think the word significant should be in bold and underlined.
Launch times for our application (when already cached on client workstations) is under 40 seconds when on a network with Internet access. Clients on managed networks are reporting launch times of six to ten minutes because the certificate checker isn't smart enough to skip checking subsequent JAR's after a previous check fails do to a connection timeout. Is there an alternative to deactivating certificate checking on the workstations that could mitigate this issue? Any insight would be appreciated.