Security Help grownup techie
Oh, no! Failed to verify authenticity!


Why am I getting a security warning?

The application you are installing will need access to your hard drive or to the internet, so Java Web Start wants to verify that the application really came directly from Bobbing Software, and hasn't been tampered with.

"Failed to verify the authenticity of this certificate." What's that?
Java Web Start has no idea what Bobbing Software's security "signature" is supposed to look like, so it cannot guarantee that the signature on this application is really Bobbing Software's signature.
"No assertions can be made of the origin or validity of the code." Huh?
Without a sample of Bobbing Software's signature for comparison, it can't be sure it's a "Bobbing Software" application.
So I'm stuck?
No, you're good. Java Web Start doesn't notice a similarity between the company name "Bobbing Software" and the domain name "". Download directly from, and you can be pretty sure this is an "authentic" Bobbing Software product.
If I do, am I still guaranteed there aren't any bugs or viruses?
Well no, but you never were. Even with a certificate, Java Web Start can only guarantee that any problems came from Bobbing Software, and weren't added later.
Is there Spyware or Adware in your programs?
No. All code supports the described functionality only.
Are there bugs in any of your programs?
Inconceivable! (But, uh, if you've found something wrong or odd, please let us know.)
Shouldn't Bobbing Software get a security certificate to prevent bugs, spyware, and viruses?

If a certificate could do that, we would get one.

A security certificate only guarantees that you have an exact copy of what was sent by the person or business who "signs" it. That provides accountability; if you encounter bugs, spyware, and viruses, you'll know who to blame.

You can accomplish the same thing by downloading directly from our site.

Shouldn't Bobbing Software get a certificate anyway, just to stop that scary dialog?

Yes, but it isn't easy or cheap. To keep our signature in their database for one year, Verisign wants $499.

Talk to us! A fake email address is fine. (It is only for linking with your Disqus comments on other sites.)