Q: Our deployment will sign all jars in the classpath and when we added Qoppa’s jar to it and run in production, we are getting the following error:

java.io.IOException: invalid SH-256 signature file digest for com/qoppa/pdf/k/m.class
at com.sun.deploy.cache.CachEntry$9.run(CacheEntry.java:1786)
at java.security.AccessController.doProviledged(Native Method)
at com.sun.deploy.cache.CacheEntry.writeFileToDisk(CacheEntry.java:1680)

A: The error can happen when the jar is signed twice. All of Qoppa’s jars are published signed and before you add your own signature, you will need to ‘unsign’ Qoppa’s jar first.

Read this entry about removing a signature on a jar.