Hi, been trying to deploy an application on web start. It contains multiple third party jar files, some of which have been signed with a certificate that has since expired, once this problem was discovered I followed advice from Java forums and deleted DSA and RS files from the META-INF folder. To avoid conflicting problems with multiple jars, and since just in the testing stage I decided to just unpack all the jars and repack into a blob.jar, signing and verifying it with jarsigner, and listing this then as the only resource in the jnlp file. Presently just testing on localhost, with the jnlp and the blob.jar being deployed via Tomcat.
Any ideas what reason there is for this exception still being thrown? Thanks.
Here is the exception being thrown:
com.sun.deploy.net.JARSigningException: Could not verify signing in resource: http://localhost:8080/tmev/lib/blob.jar at com.sun.javaws.security.SigningInfo.verifyAllEntriesSigned(Unknown Source) at com.sun.javaws.security.SigningInfo.checkSigning(Unknown Source) at com.sun.javaws.LaunchDownload.checkSignedResourcesHelper(Unknown Source) at com.sun.javaws.LaunchDownload.checkSignedResources(Unknown Source) at com.sun.javaws.Launcher.prepareLaunchFile(Unknown Source) at com.sun.javaws.Launcher.prepareToLaunch(Unknown Source) at com.sun.javaws.Launcher.launch(Unknown Source) at com.sun.javaws.Main.launchApp(Unknown Source) at com.sun.javaws.Main.continueInSecureThread(Unknown Source) at com.sun.javaws.Main$1.run(Unknown Source) at java.lang.Thread.run(Unknown Source)
Hi thanks for the link, though tweaking the manifest really did not seem to help with the problem at all. Ended up just figuring out the one jar file signed by another authority was non-essential and removed it from the jnlp file, not too sure what I could do if it were essential.