1 - make a suitable key pair - cmlconsulting

keytool -genkey -keyalg RSA -alias cmlconsulting -dname "CN=CML Consulting Ltd, OU=http://www.cmlconsulting.com/, O=n/a, L=London, S=n/a, C=UK"  

password is cmlconsulting

2 - to issue a certificate signing request use

keytool -certreq -alias cmlconsulting

and give the key password

returned is - 
-----BEGIN NEW CERTIFICATE REQUEST-----
MIIBvzCCASgCAQAwfzELMAkGA1UEBhMCVUsxDDAKBgNVBAgTA24vYTEPMA0GA1UEBxMGTG9uZG9u
MQwwCgYDVQQKEwNuL2ExJjAkBgNVBAsTHWh0dHA6Ly93d3cuY21sY29uc3VsdGluZy5jb20vMRsw
GQYDVQQDExJDTUwgQ29uc3VsdGluZyBMdGQwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANvE
GTzbb3FpPE3/ePATkHJnfMYKscvTJIhQ9ju+A754Qn5zJ6IAq5P5nvlg2ct1vrGecMFNGzsoy7eu
EogTztnqrT/4Gmbdv3mFco/WVy7Dyw6QIcJ+ItSntTWvW/enU6bKTVs64Et+frQpE9+up6ii9D+J
5CpZKx/zHCKusO0LAgMBAAGgADANBgkqhkiG9w0BAQQFAAOBgQBShtQs0jq/TasYpYis+bocKXdM
hc6TckPcj7pVz4IaCrFR1KWncoxgijByQW/w31FwrCiybt7TRyzXmbJ1u94CoaXUKXivWtrd7jf5
BYxEp/8iZGBPCXQt+5evhgrVqC6EdaEluhdVEy52BnDlwhumTY7E1aFg+SuRi2PKmrlyTg==
-----END NEW CERTIFICATE REQUEST-----
copy and paste to a file

3 - go to (entry details) - trial http://www.thawte.com/ucgi/gothawte.cgi?a=w055608680105000

Thawte trial uses the trial root certificate

-----BEGIN CERTIFICATE-----
MIICmTCCAgKgAwIBAgIBADANBgkqhkiG9w0BAQQFADCBhzELMAkGA1UEBhMCWkEx
IjAgBgNVBAgTGUZPUiBURVNUSU5HIFBVUlBPU0VTIE9OTFkxHTAbBgNVBAoTFFRo
YXd0ZSBDZXJ0aWZpY2F0aW9uMRcwFQYDVQQLEw5URVNUIFRFU1QgVEVTVDEcMBoG
A1UEAxMTVGhhd3RlIFRlc3QgQ0EgUm9vdDAeFw05NjA4MDEwMDAwMDBaFw0yMDEy
MzEyMTU5NTlaMIGHMQswCQYDVQQGEwJaQTEiMCAGA1UECBMZRk9SIFRFU1RJTkcg
UFVSUE9TRVMgT05MWTEdMBsGA1UEChMUVGhhd3RlIENlcnRpZmljYXRpb24xFzAV
BgNVBAsTDlRFU1QgVEVTVCBURVNUMRwwGgYDVQQDExNUaGF3dGUgVGVzdCBDQSBS
b290MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC1fZBvjrOsfwzoZvrSlEH8
1TFhoRPebBZhLZDDE19mYuJ+ougb86EXieZ487dSxXKruBFJPSYttHoCin5qkc5k
BSz+/tZ4knXyRFBO3CmONEKCPfdu9D06y4yXmjHApfgGJfpA/kS+QbbiilNz7q2H
LArK3umk74zHKqUyThnkjwIDAQABoxMwETAPBgNVHRMBAf8EBTADAQH/MA0GCSqG
SIb3DQEBBAUAA4GBAIKM4+wZA/TvLItldL/hGf7exH8/ywvMupg+yAVM4h8uf+d8
phgBi7coVx71/lCBOlFmx66NyKlZK5mObgvd2dlnsAP+nnStyhVHFIpKy3nsDO4J
qrIgEhCsdpikSpbtdo18jUubV6z1kQ71CrRQtbi/WtdqxQEEtgZCJO2lPoIW
-----END CERTIFICATE-----

and supplies the following (amongst many others)

Test x509v3 SSL Cert

-----BEGIN CERTIFICATE-----
MIICpDCCAg2gAwIBAgIDLVZVMA0GCSqGSIb3DQEBBAUAMIGHMQswCQYDVQQGEwJa
QTEiMCAGA1UECBMZRk9SIFRFU1RJTkcgUFVSUE9TRVMgT05MWTEdMBsGA1UEChMU
VGhhd3RlIENlcnRpZmljYXRpb24xFzAVBgNVBAsTDlRFU1QgVEVTVCBURVNUMRww
GgYDVQQDExNUaGF3dGUgVGVzdCBDQSBSb290MB4XDTAwMTEwMTIzMTcyN1oXDTAx
MTAxNzIzMTcyN1owfzELMAkGA1UEBhMCVUsxDDAKBgNVBAgTA24vYTEPMA0GA1UE
BxMGTG9uZG9uMQwwCgYDVQQKEwNuL2ExJjAkBgNVBAsTHWh0dHA6Ly93d3cuY21s
Y29uc3VsdGluZy5jb20vMRswGQYDVQQDExJDTUwgQ29uc3VsdGluZyBMdGQwgZ8w
DQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANvEGTzbb3FpPE3/ePATkHJnfMYKscvT
JIhQ9ju+A754Qn5zJ6IAq5P5nvlg2ct1vrGecMFNGzsoy7euEogTztnqrT/4Gmbd
v3mFco/WVy7Dyw6QIcJ+ItSntTWvW/enU6bKTVs64Et+frQpE9+up6ii9D+J5CpZ
Kx/zHCKusO0LAgMBAAGjJTAjMBMGA1UdJQQMMAoGCCsGAQUFBwMBMAwGA1UdEwEB
/wQCMAAwDQYJKoZIhvcNAQEEBQADgYEAbsLdfYhsCabxDs+IbGHv4tHS7fgPHzdO
y8/ABtG3E5uXWAuaopg7v2ZttMGQdty1v6E8x22DXZwwFZhwdEIuVgkjMtrdtSHD
n2KWGea+ZG13qY9zYC9Gdy+jTleBnJdkBKVn4nfqP/nmjTCafQf04EJGIWXUNHxw
Ixiai0MNLPo=
-----END CERTIFICATE-----

Verisign --> fails 'The certificate signing request (CSR) you submitted uses an unrecognized signature algorithm. Please consult your software manufacturer. '

4 - import the Thawte Test certificate into the keystore as a trusted certificate

keytool -import -file thawtetest.cer -alias ThawteTest

fails

5 - Import the new certificate to replace the self signed one

keytool -import -trustcacerts -file thawtereply.cer -alias cmlconsulting

fails



