Ok,
right now I'm only testing with a self-created certificate because I don't have access to the one from Thawte.
Right now I'm creating a new keystore with a "root certificate" which should resemble the Thawte certificate.
Code:
keytool -genkey -v -alias rootCA -keyalg RSA -keystore kstore
Then I create another certificate, CA
Code:
keytool -genkey -v -alias CA1 -keyalg RSA -keystore kstore
and call SignCertificate
Code:
java SignCertificate kstore rootCA CA CAsigned
thus creating the certificate CAsigned.
I export CAsigned to CAsigned.crt and import it back as CA
Code:
keytool -export -alias CAsigned -keystore kstore -file CAsigned.crt
keytool -import -alias CA -keystore kstore -file CAsigned.crt
Now I use importkeystore
Code:
keytool -importkeystore -srckeystore kstore -destkeystore kstore2 -srcalias ca
With this new keystore and the certificate in it I am able to sign jars and then verify them with rootCA.
1. Is this correct or is there an error I don't see?
2. Would this work with the Thawte certificate?
3. The whole process seems very cumbersome, is there a faster/easier/better way to do this?