diff --git a/tycho-gpg-plugin/src/main/java/org/eclipse/tycho/gpg/SignRepositoryArtifactsMojo.java b/tycho-gpg-plugin/src/main/java/org/eclipse/tycho/gpg/SignRepositoryArtifactsMojo.java
index 62639d8486..3e5ad18fd1 100644
--- a/tycho-gpg-plugin/src/main/java/org/eclipse/tycho/gpg/SignRepositoryArtifactsMojo.java
+++ b/tycho-gpg-plugin/src/main/java/org/eclipse/tycho/gpg/SignRepositoryArtifactsMojo.java
@@ -252,6 +252,13 @@ private void handle(IArtifactDescriptor artifactDescriptor, File artifact, Proxy
 try {
 var signedContent = signedContentFactory.getSignedContent(artifact);
 if (signedContent.isSigned()) {
+ for (var signerInfo : signedContent.getSignerInfos()) {
+ // Check that the signature was produced within the validity range of the certificate.
+ // If not, this call throws CertificateExpiredException or CertificateNotYetValidException.
+ // That ensures we continue the logic that follows as if the content were not signed.
+ signedContent.checkValidity(signerInfo);
+ }
+
 if (skipIfJarsigned) {
 return;
 }
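Review bot: The comment above `signedContent.checkValidity(signerInfo)` promises that an expired or not-yet-valid certificate makes the code "continue as if the content were not signed", but the catch clause that has to absorb `CertificateExpiredException` / `CertificateNotYetValidException` lies outside the hunk, so please confirm it catches a type covering both (e.g. `CertificateException`) and records which signer failed instead of dropping the exception silently, since an artifact that is then GPG-signed despite an expired jarsigner certificate is exactly the outcome someone will later want to trace in the build log. Two smaller points on the same lines: the loop aborts at the first failing signer, so one stale signer among several makes the whole artifact count as unsigned, which the comment should state; and, if I remember the SignedContent contract correctly, `checkValidity` falls back to the current time when the signer carries no signing time, so untimestamped jars whose certificates have since expired would take the same path. I would reword the comment to `// Any signer whose certificate was expired or not yet valid at signing time (or now, when no signing time is recorded) aborts this loop via CertificateExpiredException / CertificateNotYetValidException, and the artifact is then handled below as if it were unsigned.` handle() starts and continues outside the hunk.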