Fatal: Application Error: Cannot grant permissions to unsigned jars #984
Description
Java: OpenJDK8U-jdk_x64_windows_hotspot_8u462b08 (Adoptium Eclipse)
WebStart: azul-icedtea-web-1.8.8-28.win_x64
O/S: Windows 11
Webstart application is failing on launch. Java console reports that the downloaded jars have been verified as unsigned, but when I can confirm with jarsigner that they are signed, and using SHA256
Any advice on why we get this error, and why icedtea thinks they are unsigned?
Java console log:
net.sourceforge.jnlp.LaunchException: Fatal: Initialization Error: Could not initialize application. The application has not been initialized, for more information execute javaws from the command line.
at net.sourceforge.jnlp.Launcher.createApplication(Launcher.java:846)
at net.sourceforge.jnlp.Launcher.launchApplication(Launcher.java:531)
at net.sourceforge.jnlp.Launcher$TgThread.run(Launcher.java:969)
Caused by: net.sourceforge.jnlp.LaunchException: Fatal: Application Error: Cannot grant permissions to unsigned jars. Application requested security permissions, but jars are not signed.
at net.sourceforge.jnlp.runtime.JNLPClassLoader$SecurityDelegateImpl.getClassLoaderSecurity(JNLPClassLoader.java:2496)
at net.sourceforge.jnlp.runtime.JNLPClassLoader.setSecurity(JNLPClassLoader.java:384)
at net.sourceforge.jnlp.runtime.JNLPClassLoader.initializeResources(JNLPClassLoader.java:812)
at net.sourceforge.jnlp.runtime.JNLPClassLoader.(JNLPClassLoader.java:337)
at net.sourceforge.jnlp.runtime.JNLPClassLoader.createInstance(JNLPClassLoader.java:420)
at net.sourceforge.jnlp.runtime.JNLPClassLoader.getInstance(JNLPClassLoader.java:494)
at net.sourceforge.jnlp.runtime.JNLPClassLoader.getInstance(JNLPClassLoader.java:467)
at net.sourceforge.jnlp.Launcher.createApplication(Launcher.java:838)
... 2 more
netx: Initialization Error: Could not initialize application. (Fatal: Application Error: Cannot grant permissions to unsigned jars. Application requested security permissions, but jars are not signed.)
App already has trusted publisher: false
Jar found at C:\Users\thiscox.cache\icedtea-web\cache\29\https*\javaws.jarhas been verified as UNSIGNED
Jar found at C:\Users\thiscox.cache\icedtea-web\cache\27\https*\log4j.jarhas been verified as UNSIGNED
Jar found at C:\Users\thiscox.cache\icedtea-web\cache\28\https*\commons-beanutils.jarhas been verified as UNSIGNED
Jar found at C:\Users\thiscox.cache\icedtea-web\cache\26\https*\servlet-api.jarhas been verified as UNSIGNED
Jar found at C:\Users\thiscox.cache\icedtea-web\cache\24\https*\websocket-client.jarhas been verified as UNSIGNED
Jar found at C:\Users\thiscox.cache\icedtea-web\cache\23\https*\jetty-util.jarhas been verified as UNSIGNED
Jar found at C:\Users\thiscox.cache\icedtea-web\cache\25\https*\jetty-webapp.jarhas been verified as UNSIGNED
Jar found at C:\Users\thiscox.cache\icedtea-web\cache\21\https*\jetty-servlet.jarhas been verified as UNSIGNED
Jar found at C:\Users\thiscox.cache\icedtea-web\cache\20\https*\jetty-server.jarhas been verified as UNSIGNED
Jar found at C:\Users\thiscox.cache\icedtea-web\cache\22\https*\SmartyClient.jarhas been verified as UNSIGNED
Output from jarsigner -verify -verbose:
- Signed by "OID.1.3.6.1.4.1.311.60.2.1.3=US, OID.1.3.6.1.4.1.311.60.2.1.2=Delaware, OID.2.5.4.15=Private Organization, CN="E2OPEN, LLC", SERIALNUMBER=3706787, O="E2OPEN, LLC", L=Austin, ST=Texas, C=US"
Digest algorithm: SHA-256
Signature algorithm: SHA256withECDSA, 384-bit key
Timestamped by "CN=SSL.com Timestamping Unit 2024 E1, O=SSL Corp, L=Houston, ST=Texas, C=US" on Fri Sep 12 13:52:30 UTC 2025
Timestamp digest algorithm: SHA-256
Timestamp signature algorithm: SHA256withSHA256withECDSA, 256-bit key
jar verified.
The signer certificate will expire on 2027-05-28.
The timestamp will expire on 2034-02-16.