jar resources in jnlp are not signed by the same certificate
Original URL: http://stackoverflow.com/questions/430755/
Warning: these are provided under the CC BY-SA 4.0 license. You are free to use/share it, but you must attribute it to the original authors (not me): Stack Overflow
Asked by javamonkey79
I've been working with web start for a couple years now and have experience with signing the jars and whatnot. I am taking my first attempt at deploying an RCP app with web start and though I have in fact signed all of the jars with the same certificate I keep getting this error: 'jar resources in jnlp are not signed by the same certificate'.
Has anyone else come across this? If so, any ideas on how to fix it?
Accepted answer by asalamon74
When I had similar problems, after checking the jars it turned out that some 3rd party jar was signed by someone else.
You should create a separate jnlp file for the jars signed by the other certificate and read this jnlp from your jnlp file:
<resources>
  ...
  <extension name="other" href="other.jnlp"/>
</resources>
Answer by Stefan Tannenbaum
This may be a stale manifest entry from an already signed jar that you use as a library. I encountered this problem with jogl via webstart. Try this:
Unzip all jars, purge all META-INF directories, jar and sign them again.
Answer by Matthew McCullough
I've found that JNLP/Webstart does not like multiple signatures/signing via jarsigner.exe for a given JAR. If a JAR such as BouncyCastle (which comes presigned) is signed again with your Company's certificate, visual inspection leads me to believe that the new Certificate and Signatures are performed properly in the JAR, but that JNLP may be reading only the first (Alphabetical?) signature in the META-INF, and thereby complaining it doesn't match your other JARs (which have only one, Corporate, signature on each JAR).
Answer by pavan
See the explanation for one of the FAQs: How do I use multiple JAR files signed by different certificates?
Right solution.
Answer by Per-Ivar Bakke
I had the exact same experience as described by Matthew with the presigned BouncyCastle JARs. However, I found that JRE version 1.6.0_14 and later will gladly accept JARs with multiple signatures (as I would expect). Hence, I did not need to use the JNLP 'component extension mechanism' described above.
PS: Did not find any obvious references to this fix in the 1.6.0_14 release notes. However, I have verified that multiple signed JARs work in all later versions (at least 14 - 17 + 24).
Answer by Feng Zhang
In my project, what happened is that there are a couple of instances in the load balancer pool; there are some instances with an old version of the code and some with the new version. Thus there are certificates not signed by the same certificate...
Answer by Nicholas Sushkin
The following script lists the serial number of the RSA certificate in each jar in the /some/lib directory and helps to find jars that are signed by the wrong certificate:
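# Requires bash: reads NUL-delimited paths so jar names with spaces are handled.
find /some/lib -type f -name '*.jar' -print0 |
while IFS= read -r -d '' f
do
    # Dump the PKCS#7 signature block and keep the first certificate serial number.
    serial=$( unzip -p "$f" 'META-INF/*.RSA' |
              openssl pkcs7 -inform der -print -noout |
              grep --max-count=1 serialNumber | cut -d: -f2- | tr -d ' ' )
    printf "%40s: %s\n" "$serial" "$f"
done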
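An added example, not part of any answer above: a Python check that covers the cases the answers describe (a third-party jar signed by someone else, a presigned jar that was signed a second time, and an unsigned jar) by listing the signature block files in each jar's META-INF. It assumes jarsigner's default behaviour of naming those files after the keystore alias, so the name is only a hint; the function names, jar names and aliases are constructed for illustration.

```python
import io
import zipfile
from collections import Counter

# Signature block file extensions jarsigner writes into META-INF/.
SIG_BLOCK_EXT = (".RSA", ".DSA", ".EC")

def signer_names(jar):
    """Sorted base names of the signature block files in a jar (path or file object)."""
    names = set()
    with zipfile.ZipFile(jar) as zf:
        for entry in zf.namelist():
            upper = entry.upper()
            if upper.startswith("META-INF/") and upper.endswith(SIG_BLOCK_EXT):
                names.add(upper[len("META-INF/"):].rsplit(".", 1)[0])
    return tuple(sorted(names))

def audit(jars):
    """Map jar name -> finding for every jar that deviates from the common signer."""
    signers = {name: signer_names(jar) for name, jar in jars.items()}
    # Assumption: the expected signer is the most common one among singly signed jars.
    single = Counter(s[0] for s in signers.values() if len(s) == 1)
    expected = single.most_common(1)[0][0] if single else None
    findings = {}
    for name, s in signers.items():
        if not s:
            findings[name] = "unsigned"
        elif len(s) > 1:
            findings[name] = "multiple signature blocks: " + ", ".join(s)
        elif s[0] != expected:
            findings[name] = "signed as %s, expected %s" % (s[0], expected)
    return findings

def make_jar(sig_files):
    # Build a constructed in-memory jar holding placeholder signature entries.
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("META-INF/MANIFEST.MF", "Manifest-Version: 1.0\n")
        for sig in sig_files:
            zf.writestr("META-INF/" + sig, b"placeholder")
    return buf

# Constructed sample set; jar names and signer aliases are made up.
SAMPLE = {
    "app.jar": make_jar(["CORP.SF", "CORP.RSA"]),
    "ui.jar": make_jar(["CORP.SF", "CORP.RSA"]),
    "bcprov.jar": make_jar(["BCKEY.SF", "BCKEY.DSA", "CORP.SF", "CORP.RSA"]),
    "thirdparty.jar": make_jar(["OTHER.SF", "OTHER.RSA"]),
    "plain.jar": make_jar([]),
}
```

For real jars, pass file paths instead of the in-memory samples, and confirm any flagged jar's actual certificate with `jarsigner -verify -verbose -certs`.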