Running an application that is correctly signed with a trusted certificate still displays the unsigned security prompt

Help Resources

Why does an unsigned security prompt appear when running an application that is signed with a trusted certificate?

This article applies to:

Java version(s): 7.0, 7u25, 8.0

SYMPTOMS

When running an application that is signed with a trusted certificate a security prompt still appears: An unsigned application from the location below is requesting permission to run.
Running this application may be a security risk.

Unsigned applet - An unsigned application from the location below is requesting permission to run. Running this application may be a security risk

Unsigned applet - An unsigned application from the location below is requesting permission to run. Running this application may be a security risk

CAUSE

With Java 7u25, a change to increase the security for users, applications with JAR files that were indexed after they were signed, now generate a security prompt.

SOLUTION

You should contact your application provider and ask them to update their application using the instructions below.

Instructions for application provider to resolve the issue

The change in Java 7u25 requires that indexing takes place before signing the JAR files with the certificate. Changing the build routine to index, creating the index.list file, before signing the JAR files resolves this issue.

MORE TECHNICAL INFORMATION

Bug referencing this issue: 8016771
Java 7u25 Release notes
More information on the security prompts can be found in the Code Signing FAQ.
Developers and system administrators should look at the Java Applet and Web Start Code Signing article. (OTN)

Applications known to be affected

The following companies have notified us that they have updated their products. Please go directly to their websites for further details.

Entrust - TruePass and Authority Administration Services

TruePass (login required)
Authority Administration Services (login required)