Are Java code signing certificates the same as SSL certificates?
Short answer: No, they're different.
Long answer: It's the same sort of certificate and it uses the same crypto software, but the certificate has flags indicating what it is allowed to be used for. Code signing and web server are different uses.
When I import a new CA certificate in Firefox (etc.) I have the option of choosing which certificate uses I trust:
- Sign servers
- Sign code (like your applet)
- Sign email certificates
So to me the answer is: Yes, they're the same. Furthermore, why not generate your own with OpenSSL (man openssl, man x509, man req, etc. on Unix)? Do you want to just quiet down the warnings or do you want other people whom you've never met to trust your code? If you don't need other users to chain trust to the anchor CA's bundled with their browser, OS, etc., then use OpenSSL to generate your own.
And ask "How do I use OpenSSL to generate my own certificates?" if the latter is your choice.
Thawte offers code signing certificates here. I imagine other Certificate Authorities offer this service as well. You can also create self-signed certificates, with Java keytool.