I'm looking around for a Java Code Signing certificate so my Java applets don't throw up such scary security warnings. However all the places I've found offering them charge (in my opinion) way too much, like over $200 per year. While doing research, a code signing certificate seems almost exactly the same as a SSL certificate.
The main question I have: is it possible to buy a SSL certificate, but use it to sign Java applets?
Short answer: No, they're different.
Long answer: It's the same sort of certificate and it uses the same crypto software, but the certificate has flags indicating what it is allowed to be used for. Code signing and web server are different uses.
When I import a new CA certificate in firefox (etc) I have the option of choosing which certificate uses I trust:
So to me the answer is Yes, they're the same. Furthermore, why not generate your own with openssl. (man openssl, man x509, man req, etc on Unix)? Do you want to just quiet down the warnings or do you want other people whom you've never met to trust your code? If you don't need other users to chain trust to the anchor CA's bundled with their browser, OS, etc, then use openssl to generate your own.
And ask "how do I use OpenSSL to generate my own certificates?" if the latter is your choice.
Thawte offers code signing certificates here. I imagine other Certificate Authorities offer this service as well. You can also create self-signed certificates, with Java keytool.