Generating a certificate for token signing using built-in soft cert management

For easy first-time installation, the configuration is prepared to work with a signer certificate to be generated as follows:

# nevisauth signer create

The command creates a self-signed certificate that can be used for identity signing. Alternatively, any other way of creating a private key and certificate may be used (e.g., the java keytool).

It is recommended using the JKS format. PKCS12 and HSMs are also supported but require additional integration effort. It is therefore recommended using nevisKeybox, a Nevis component that hides HSM, JKS, PEM etc. under a single, simplified administration interface.