wl wrote:No luck, again. Using tasurl "https://timestamp.geotrust.com/tsa" for signing did not make a difference. There is still a security box claiming an expired signature. I verified that the timestamp server was actually used by looking into META-INF/MINT_SIG.RSA - the file contains the string "geotrust". Also, I did a "jarsigner -verifiy -verbose" on each jar file in the jnlp. Every file is marked "sm" (signature was verified, entry is listed in manifest).
Thanks. After removing the certificate from the list of trusted certificates I am getting the same security box again, this time with trace enabled. Unfortunately it is not very helpful. Meanwhile I discovered that the jars were signed without using a timestamp server (a regression in the build script a while ago). Hopefully using a timestamp server resolves it...
ntn wrote:Meanwhile I've got the correct trace (ignore my trace from last week). I cannot post it here because it exceeds 30k. See below for a shortened version. After this the security dialog appears with this hint: The application's digitial signature has expired.
You can turn on tracing to get more debug info. See: http://docs.oracle.com/javase/7/docs/webnotes/tsg/TSG-Desktop/html/plugin.html#gcexdf
ntn wrote:I know... the trace complains only about one thing, and that is an unsigned JNLP. Which is optional and probably unrelated to this problem. I included the english version of the warning in my last post. It is "The application's digital signature has expired." I believe this is to be treated differently from an expired certificate. The certificate is NOT expired. As can be seen in screenshots posted earlier in this thread, the certificate is valid two more years. It had been renewed just one or two weeks ago. And this problem is probably not related to the renewal because the code was signed after, plus we have had reports of the same problem for the old certificate.
The tracing does not show any thing saying that the certificate expired. Maybe it you could post the image of the dialog or full text of the warning message (English if possible) it would be easier to track.
Edited by: ntn on Oct 19, 2012 6:46 PM
970048 wrote:Well that seems to indicate a problem with JRE7. We were also suspecting some regression in that WebStart version. Difficult to pinpoint though.
We have the same issue with a user who downloaded jre7 for the 1st time today, (with a webstart app that has been running for a couple of years 'ok'). Not sure if that is a red herring or not, but other users who have earlier versions of 7 installed are able to launch with no issues.