Home Knowledge Things That Go Wrong
Things That Go Wrong

The Signing Certificate — And What Happened to Wonka

New Year's Eve 2023: Wonka stopped working in cinemas worldwide. The signing certificate had expired. Here's why it matters.

Video coming soon

Subscribe to The Post Factory on YouTube

What Is a Signing Certificate?

Every DCP contains a CPL — a Composition Playlist — which is the master instruction file telling the cinema server what to play. That CPL has to be digitally signed. This is how the cinema server knows the DCP is authentic — that it has not been tampered with and came from a legitimate authoring system. The signing uses a certificate chain: a trail of trust running from a root authority, through an intermediate certificate, down to the individual signing certificate used to make your specific DCP.

If any link in that chain is broken or out of date — the server will not play it.

What Happened to Wonka

On the 31st of December 2023, the certificate chain that Deluxe had been using to sign CPLs in their global mastering system expired. Deluxe had already been building a replacement environment, rolled out through December 2023. But approximately 450,000 CPLs had already been signed using the expiring certificate.

On certain cinema servers — particularly Sony-based systems — the server compared the certificate's expiry date against the current date rather than checking whether the certificate was valid at the point the DCP was created. Midnight struck. The certificate was expired. The server refused to play. Deluxe had to rush out re-created CPLs with the new certificate to get first-run titles through the holiday week.

This happened to Deluxe — one of the biggest post production companies in the world, with a film from a major studio. Every DCP vendor has signing certificates that will eventually expire, and the problem affects not just new releases but huge numbers of repertory titles constantly in circulation.

What This Means for Your Film

A signing certificate that expires after your film enters distribution means certain cinema servers will refuse to play it — with no warning until it happens in a cinema. The certificate chain needs to be maintained and monitored not just at the point of making the DCP but throughout the film's distribution life.

At The Post Factory, our authoring certificates are maintained, monitored and renewed as part of our infrastructure — not as an afterthought. When we deliver a DCP, it is signed with a current certificate chain, verified to be valid, and built to play reliably today and years from now.

Want a DCP that works correctly — now and in future?

Certificate management is part of our standard process on every job.

Get a Quote →
Related Articles
What Is a DCP? What Can Go Wrong Naming Convention
Get a Quote

1–3 day turnaround. Human checks on every job.

Get a Quote →
Contact Us

020 7183 1600

info@postfactory.co.uk

© 2026 The Post Factory. All rights reserved.

Facility Code: PFU  ·  London, UK