Unsigned applets can only connect to the server they are served from. This is a bit limiting if you want a web-based SSH session. Self-signing an applet "solves" this problem, but remember that just because an applet is signed doesn't mean you should trust it!
Here's how to do it yourself (change the name/credentials/jar to your own, obviously):
$ keytool -genkey -alias sickpea -validity 3650 -dname \ "CN=Sickpea, OU=Engineering, O=Sickpea, L=San Francisco, S=CA, C=US" $ keytool -selfcert -alias sickpea -validity 3650 $ jarsigner mindterm.sickpear.jar sickpea
In this example, the signed JAR will be valid for about 10 years.