You are right. Applet security is a pain. But below are simple instructions on signing a jar file with a self-made cert so you don't have to buy one. I do this for our company's internal intranet.
Signing JAR Files with a Test Certificate
Here are the steps needed to sign a JAR file with a test certificate:
Make sure that you have a JDK 1.2 or JDK 1.3 keytool and jarsigner in your path (located in the J2SE SDK bin directory).
Create a new key in a new keystore as follows:
keytool -genkey -keystore myKeystore -alias myself
You will get prompted for information about the new key, such as password, name, etc. This will create the myKeystore file on disk.
Then, create a self-signed test certificate as follows:
keytool -selfcert -alias myself -keystore myKeystore
This will prompt for the password. Generating the certificate takes a few minutes.
Check to make sure that everything is ok. To list the contents of the keystore, use the command:
keytool -list -keystore myKeystore
It should list something like:
Keystore type: jks
Keystore provider: SUN
Your keystore contains 1 entry:
myself, Tue Jan 23 19:29:32 PST 2001, keyEntry,
Certificate fingerprint (MD5): C2:E9:BF:F9:D3:DF:4C:8F:3C:5F:22:9E:AF:0B:42:9D
Finally, sign the JAR file with the test certificate as follows:
jarsigner -keystore myKeystore test.jar myself
Repeat this step on all of your JAR files.
Please note that a self-signed test certificate should only be used for internal testing, since it does not provide any guarantees about the identity of the user and therefore cannot be trusted. A trustworthy certificate can be obtained from a certificate authority, such as VeriSign, and should be used when the application is put into production.
After you have done that, everything should work for you.
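The check-then-sign steps above as a script, added here as an example and not part of the original post: it confirms the alias is a private-key entry before signing, signs each JAR, and checks that `jarsigner -verify` reports success. The function names and the sample listing are hypothetical; `myKeystore`, `myself` and `test.jar` are the names used in the post.

```shell
#!/bin/sh
# Added example (not from the original post). Usage:
#   sh signjars.sh myKeystore myself test.jar [more.jar ...]

# Constructed sample of `keytool -list` output, used to exercise the parser.
SAMPLE_LISTING='Keystore type: jks
Keystore provider: SUN
Your keystore contains 2 entries:
myself, Tue Jan 23 19:29:32 PST 2001, keyEntry,
partnerca, Tue Jan 23 19:40:00 PST 2001, trustedCertEntry,'

# Read a `keytool -list` listing on stdin and print the entry type for
# alias $1. The type is the last non-empty comma-separated field, so dates
# that contain commas do not confuse it. Fails if the alias is absent.
entry_type() {
    awk -F', *' -v a="$1" '
        $1 == a && NF >= 3 { print ($NF == "" ? $(NF-1) : $NF); found = 1; exit }
        END { exit (found ? 0 : 1) }'
}

# Succeed only if alias $1 holds a private key. A trustedCertEntry has no
# private key and cannot sign. Newer keytool prints PrivateKeyEntry.
is_signing_entry() {
    case "$(entry_type "$1")" in
        keyEntry|PrivateKeyEntry) return 0 ;;
        *) return 1 ;;
    esac
}

# Sign JAR $3 with alias $2 from keystore $1, then confirm the signature.
# Password prompts appear as they do for the commands in the post.
sign_and_verify() {
    keytool -list -keystore "$1" | is_signing_entry "$2" || {
        echo "alias '$2' is not a private-key entry in $1" >&2; return 2; }
    jarsigner -keystore "$1" "$3" "$2" || return 3
    # Match the success message rather than relying on the exit status alone.
    jarsigner -verify "$3" | grep -q 'jar verified' || {
        echo "$3: signature did not verify" >&2; return 4; }
}

# Repeat for every JAR named on the command line; do nothing without arguments.
if [ "$#" -ge 3 ]; then
    ks=$1; signer=$2; shift 2
    for jar in "$@"; do
        sign_and_verify "$ks" "$signer" "$jar" || exit $?
    done
fi
```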