I'm trying to open a Java Web Start applet on OS X Lion but it won't open due to certificate validation (of the Java code, not the source website of the JNLP Web Start file). This JNLP opens fine on OS X Snow Leopard.
The error I receive is: Failed to validate certificate. The application will not be executed.
And clicking 'Details' gives me: java.security.cert.CertificateException: Unable to evaluate certificates.
What is puzzling me is that I can't work out which bit of OS X has changed so as to not trust the certificate any more. The code is signed by a VeriSign 'Class 3 Code Signing 2010 CA' which is included in the signed Java JARs, and all of the relevant intermediate and root CAs seem to be in my OS X system's cacerts (and they're the same certs in both Lion and Snow Leopard cacerts).
Also, I downloaded all of the JARs that were listed in the Web Start JNLP manually and ran them through 'jarsigner -verify' and they all verified correctly!
So - any suggestions where Java Web Start on OS X is looking to determine whether this code is valid, and what might have changed in the upgrade to OS X Lion?
