I have signed my JWS app jar files with a valid certificate (COMODO) and this works fine but the user still receives a warning message that states:
'Part of the application is missing a digital certificate'.
Inspecting the warning indicates that the JNLP file isn't signed.
My JNLP files are built and streamed on the fly via a servlet.
It would appear this may be due to the property tags we use and that somehow magically prefixing the property name value with .jnlp or .javaws will help.
However this 'prefixing' doesn't seem to work - at least it made no odds to the warning I got when I altered the JNLP creating servlet to generate the reource property tag values with a .jnlp or .javaws prefix.
There is another old thread on this issue but, as with a lot of threads on here, OTT admin's have locked it with a snarky final comment for posterity.
I would imagine that a lot of web start apps are signed so how have other people got around this? It isn't a showstopper but I would be happier if at least the JNLP warning could be removed.
p.s has anyone managed to get the 'insert a link' button to work on this forum?
Assuming that you have actually signed it properly using the private key associated with the COMODO signed certificate then it looks to me as if the COMODO certificate is not trusted so the signature on the jar files cannot be verified. Is the COMODO certificate in the Java trust store?
P.S. I suspect your "property tags" comments are just a red herring.