Plugins in Custom Update Center appear as "Signed but not Trusted"

Previous Topic Next Topic
classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view

Plugins in Custom Update Center appear as "Signed but not Trusted"

I recently acquired a Code Signing Certificate from Comodo for use with my NetBeans RCP Application. Signing the installer app.exe was fairly painless and incorporated into my Ant Build.xml script.

I wasn't able to figure out how to get NetBeans to utilize a tsaurl while signing all the nmb's in my app; but I did get my nbm's signed using my code signing certificate. I verified this with jarsigner and also looked into the manifest of the nbm's and found the required *.RSA file there.

When my users download the updates, they are presented with a Dialog listing all the nbm's and state that they are signed but not trusted. Is there another step I am missing or hints of what to check next? I'd like to have them trusted, as that is why I acquired the certificate.

I did re-sign the nmb's manually using jarsigner again to force the tsurl to be applied. This had no effect on the results. FYI

To be more specific, I am using NetBeans 8.02 still and the clients are using Java 8.0.74 that is bundled with the RCP app, built through Ant.

As an experiment I published another update through my update center. This time the Dialog stating all my nbms were signed but not trusted - did not appear. I followed the NetBeans sourcecode and it appears that Java/NetBeans may treat all certificates as untrusted until they are accepted at least once by the end user.

If this is true, I still don't want my users to see this Dialog even the first time. It will confuse them and they may not trust my app. I paid for a code signing certificate so that all trust concerns should be minimized.

Any ideas how I can suppress this Dialog from appearing the first time?