We have purchased a code signing certificate, and I have signed an Applet jar with this certificate, using the jarsigner
command and certificate in .pfx format. But when the applet is loaded in the browser, it shows the "Publisher Unknown" and "digital signature could not be verified" error.If I import the certificate from Java Control Panel -> Security -> Certificates -> Signer CA, the Publisher starts showing up correctly and "Digital signature is verified" message appears.
My question is that as we are signing the jar with a trusted certificate, then why do I have to still import the certificate to see correct results? Shouldn't it show the Publisher correctly/verify signature correctly , even without having to import it?