For your 1st issue, you should be getting back a signed certificate in response to a certificate signing request (CSR). For example, you generated a private key, then created a CSR. You send that CSR (which contains your public key) to a Certificate Authority (CA). The CA verifies your identity and returns a signed certificate to you. This signed certificate should contain the SAME public key as was in your CSR. You can take the signed certificate and import it into your keystore. If you already had a self signed certificate for that private key, the imported signed cert should replace it.
For your 2nd issue, you need to switch the statements around. You need to verify the signed certificate with the parent's public key.
X509Certificate parent = ...;
X509Certificate certToVerify = ...;
certToVerify.verify(parent.getPublicKey());