In order to generate the keys within Key Manager module, see the section: Generating New Keys while for importing keys in ADSS Server that are issued by third parties, see the section: Importing Keys. Note that keys you want to import MUST be in PKCS#12/PFX format. When generating/importing a key for Client Authentication select the key purpose "TLS Client Authentication". Keys held in a PKCS#11 device can also be used for the authentication of the user's identity, see the section Crypto Source to configure and import the keys from it.

Once the key pair is generated then Public Key needs to be certified. It can be certified by creating the Self Signed Certificates and/or Delegated Certificates.

See also
Step 2 - Registering CAs
Step 3 - Configuring CRL Monitor
Step 4 - Configuring OCSP Repeater Service
Step 5 - Registering Trusted CAs for OCSP Repeater Service
Step 6 - Using the Service Manager