This could be because the JAR has been signed using the default development key. This is the case when devMode is set to true in your build.gradle.
If this is the case you need to add cordappSignerKeyFingerprintBlacklist=[] to the node.conf. If devMode=false, the Corda development key is blacklisted as it's completely insecure. This is suitable for PoC purposes only, NOT PRODUCTION.
The correct fix is to sign the app with a your 'own' key.
You can also switch off Jar signing when building the CorDapp by setting cordapp { signing { enabled false } } in the build.gradle, which should cause it not to be signed.
More information can be found here: https://docs.corda.net/cordapp-build-systems.html#signing-the-cordapp-jar
