This is one place where cheapest may not be best.<p>We went through a similar thing a few years back with SSL certificates.<p>GoDaddy offered super-cheap (relatively speaking) certs, but none of the major browsers had GoDaddy in their default list of certification entities at that time.<p>So the upshot of using a GoDaddy cert was that every visitor would get a "not trusted" warning, even though the cert was legitimate.<p>That's not something you want your users to see when they're in the middle of signing up or downloading something from your site.<p>I don't know whether or not this concept applies to java & jar too, but you might want to confirm it before making a decision.
It's worse in the mobile space.<p>If you're trying to sign a jar to go on handsets, you pretty much either have to go a thawte certificate ($200), or a verisign certificate ($400) in order to guarantee compatibility with most handsets that are out there.
cacert are free certificates but the root certificates are not frequently preinstalled on browsers and mobile phones.
I was told that Microsoft asks around 10k$/year to add a root certificate in its browser. Add to this the cost to validate the certification process.<p>If you can get user's cooperation so that they can install the root certificate, you may go with cacert certificates. <p>The more web sites uses cacert, the more chances you will have that the cacert root certificate is preinstalled.<p>Regarding startup opportunity, as long as there is a problem and/or the opportunity to do something useful, the opportunity exists.<p>You might also be interested to follow the progress of my project <a href="http://dis.weebly.com" rel="nofollow">http://dis.weebly.com</a> because one of my objective is to do something in this field. But I am afraid it won't help juwo for is current problem.
Thawte wants to charge me $249 just to renew - I paid $50 for the certificate last year.<p>I heard you can get them free from CA Authority but when I looked it up, they have some procedure where you have to know someone who is a CA and attend their events, (which are mostly in Europe or California).