jMonkeyEngine applications can be wrapped to work as webstart like any other java program (see google about the specifics ;)). The big "problem" about webstart is that you will need an encryption certificate to sign your jars, no way around it. Thawte Freemail used to be a place where you could get these for free (the warning would show "signed by Thawte Freemail Member") but that is not the fact anymore. From googling, I found that you can apparently get free certificates from http://www.startssl.com/ now.
Basically its the same information, its just different files with different flags. I do not know about this site, but with Thawte you could download the different versions (SSL, Code Signing) of your certificate via a menu. Would be nice if somebody could try if that works with startssl as well and report back. I also found that with the MacOS "keychain" tool you can export your .mac certificate for example in a format that you can use to sign jars… Maybe theres some tool to convert ssl to signing certs if startssl does not offer the download directly.
guys, you know that there is a tool inside the bin folder in the jdk that an sign stuff with your own signature? (aka Signed by empirephoenix.de ^^) If they get the security warning then it should at least show your site!
Yeah Empire Phoenix is right, unless the certificate is actually "approved by agency" there's no point in getting it. The keytool and jarsigner in jdk are good enough for most things but of course the user will get a warning that the java program will have full control, etc. If you're using the AppletLoader in LWJGL then you don't even need to sign your jars, AppletLoader is signed with a purchased certificate and the message the user will see is not a warning but just a simple "Approve?" type dialog. The AppletLoader will then use its extended permissions to download your jars and run them.