if you use certificates you cannot use policy files
You can use both together. But there's no point in doing so.
If i have to use policy file, I have to still sign the jar and provide a certificate with the jar where in the applet is present?
No. Like I said, they're independent of each other.
How will you distribute your policy file when you have to use security using policy files
Maybe email instructions to your users with what to do? Or put those instructions on the web page that hosts the applet? You shouldn't distribute an actual file, because users might have one already, and you don't want them to replace that by yours.