Bug fix. Don't add certificates to virtual cacerts file that aren't currently valid, because the Java key store apparently can't contain multiple certificates with the same Subject.

runtime/vfs.cs

@@ -668,7 +668,7 @@ namespace IKVM.Internal
 					store.Open(OpenFlags.ReadOnly | OpenFlags.OpenExistingOnly);
 					foreach (X509Certificate2 cert in store.Certificates)
 					{
-						if (!cert.HasPrivateKey)
+						if (!cert.HasPrivateKey && cert.NotBefore < DateTime.Now && DateTime.Now <= cert.NotAfter)
 						{
 							jstore.setCertificateEntry(cert.Subject, cf.generateCertificate(new global::java.io.ByteArrayInputStream(cert.RawData)));
 						}