One of the security features of Jenkins is to send Content Security Policy (CSP) headers which describes how certain resources can behave. The default policy is extremely restrictive which can cause problems with content added to Jenkins via build processes. This post describes how to either temporarily or permanently change the CSP to be less restrictive.
StartSSL code signing certificates are crippled and your binaries no longer trusted once they have expired, even if they have been counter signed. Not to mention the other trust issues that StartSSL are experiencing.
The process of obtaining a code signing certificate from StartSSL differs significantly from the process I originally went through with Comodo. This blog post serves to document how I did it for StartSSL, both as a reference for myself and for anyone else! Personally I find this approach easier than fiddling around exporting certificates from a browser, and it gives you a lot more control.