In order to generate the keys within Key Manager module, see the section: Generating New Keys while for importing keys in ADSS Server that are issued by third parties, see the section: Importing Keys. Note that keys you want to import MUST be in PKCS#12/PFX format. When generating/importing a key for verification response signing then select the key purpose "Document Encryption". Keys held in a PKCS#11 device can also be used for verification response signing, see the section Crypto Source to configure and import the keys from it.

Once the key pair is generated then Public Key needs to be certified. It can be certified by creating the Self Signed Certificates and/or Delegated Certificates.