One example: website which uses USB crypto tokens for digital signatures. In Kazakhstan (and, I guess, many other countries) every citizen can get digital certificate, signed by government CA and use it to sign electronic documents. It's used for many government internet services, for example. But there's no API even in modern browsers, to work with USB devices, so Java applet is one way to do it.
That said, Java applets are effectively dead, so government services now require installing and running separate program which listens at localhost for connections from browser. Honestly, it doesn't look like a big win for me, more like a big loose, from a security point. But here we go.
Those are rumors. Currently Internet in Kazakhstan works fine without installing any certificates. I wouldn't be surprised, if they would do it, but not yet.
And, yes, those certificates are unrelated, AFAIK.
Don't know about the original poster, but there are still a ton of crappy managed switches/APs/other embedded devices that use Java applets for configuration in operation.
In a past life, I had to keep two different browser installs, each with a different JVM version in obsolete browsers, aside from my "real" browser to deal with crap like that.
I just had to help someone enable Java applets earlier this week, in order to take an online typing test required by a temp agency. At some companies, it seems the 1990's never stopped happening. :/
Those are probably ancient corporate tools, either made in-house or by some 3rd party that won't update to newer technology without enough of a monetary incentive.
We're always happy to talk about personal experiences removing Java and never regretting it.
I've been through multiple attempts at doing it in an enterprise, one in January this year, and it always ends with the determination that Java applets are critical to websites used by the business and not going anywhere. Healthcare portals are a big offender.
Education. A lot of science simulations I would use for my classes are Java Applets. Also the equation editor I have to use for creating tests (yes it's web based...) is a java applet.
It's a total nightmare because most of it is abandonware or is still for sale but unmaintained!
I guess digital signature, mostly. Signing documents without your private key leaving the computer. It's not something you can do easily cross-browser.
And that Java app is basically just a web server, which they could rewrite in node or ruby and then I wouldn't need a JVM on my machine any more just to configure my router.
That said, Java applets are effectively dead, so government services now require installing and running separate program which listens at localhost for connections from browser. Honestly, it doesn't look like a big win for me, more like a big loose, from a security point. But here we go.