I just recived a new signing certificate from Thawte and need to sign my jar files.
First I strip the old certificate META-INF\*.RSA, META-INF\*.SF & META-INF\*.MF from every jar file.
Then I resign every jar file with the new certificate and uploads them to the server.
Now, when I run my application I get: "Unable to launch" and the error: "#### Java Web Start Error: #### JAR resources in JNLP file are not signed by same certificate".
If I press OK, and try to run my application once more the error is gone and I get the the standard "Security Information" optionpane with the message "The application's digital signature has been verified..." and if I press "Run" the application starts normally
I test on a Virtual Windows XP inside Windows 7 with Java 7 Update 5 and my Windows 7. Jarfiles are signed with Java 6 update 33.
Why do I get the first "Unable to launch" when it works the second time?
My guess was that you have multiple signed jars and some of them have the new version, some of them (lazy jars?) still get loaded in old version (with different certificate). If this is the case, you could get around by removing the attributes download='lazy' during the certificate juncture.
I already tried to remove the lazy jars but it had no effect.
After a few more hours on this I have found that it seems to be a problem with the download="progress" option like:
<jar href="myjar.jar" main="true" download="progress" />
and progress-class option like:
<application-desc main-class="MyMainClass" progress-class="MyProgressClass" />
If I remove one of either progress or progress-class JWS crashes with a NullPointerException
If I remove them both my application starts without errors (but of cause the progress indicator goes back to standard)
So either I have to accept the "Unable to launch" the first time after a certificate update or I have to stop using a custom progress indicator. Update 2012-06-28 14:46:
I have found that if I remove
from the jnlp file the application also works the first time (but I suppose that is because JWS ignores signing when I do that)
So using progress and all-permissions seems to be the problem
Are you versioning your jar files in the jnlp/version.xml? I had the same issue and because I hadn't updated the version on unchanged jar files they were not brought down and I ended with a mismatch of jars some signed by the old cert and some by the new.