I found this excellent article on Mikes Musings regarding the Firefox plugin loading mechanism: http://mike.kaply.com/2012/02/16/how-firefox-loads-plugins/

Using that information I discovered that JavaFX contained an old NPAPI plugin which was causing this.

These are the registry paths I found that Firefox uses to determine what plugins to load:

HKEY_CURRENT_USER\Software\MozillaPlugins
HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins

After uninstalling JavaFX Firefox loads the Java applet without prompting.

There’s a very thorough guide here that describes how you can convert a Java cert to an Authenticode cert.

http://tjworld.net/software/codesigning/

The link to download the needed tools is broken, but I found it somewhere else:

http://www.myssl.cn/download/jks2pfx.zip

This procedure worked for me and produced an Authentocde certificate, but my certificate was not immediately trusted by Windows. My certificate was obtained from GlobalSign and they used an intermediary certificate to sign this certificate. To make Windows trust this certificate the intermediary certificate must be included in the PKCS12 file as well.

To do this you can download a copy of the intermediary certificate from here: http://secure.globalsign.net/cacert/sureobject.crt

The file is in the binary form, so convert it to X509 like this: openssl x509 -inform der -in sureobject.crt -out sureobject.pem

Then edit the jks2pfx.bat file and on the line that starts “openssl pkcs12″ add to the end: -certfile sureobject.pem

Run jks2pfx.bat again with the necessary arguments, enter the password you want to use, then open the PFX file to import the certificate and private key into your Windows certificate store.

You should be ready to start signing.