If you are unfamiliar with the difference between a keystore and a truststore, check out this article.

Create a new certificate

1. In the WebSphere admin console, expand Security and select SSL certificate and key management.
2. Select key stores and certificates.
3. Select a keystore or truststore.
4. Select Personal certificates or Signer certificates (check out my article on Personal vs. Signer Certificates)
5. Select Create, and then complete the form to create the certificate.

In this example, a certificate called "testing" was created.

Add a certificate by making a secured connection to a remote system

1. In the WebSphere admin console, expand Security and select SSL certificate and key management.
2. Select key stores and certificates.
3. Select a trust store, such as NodeDefaultTrustStore.
4. Select Signer certificates (check out my article on Personal vs. Signer Certificates)
5. Select Retrieve from port.
6. In Host, enter the hostname of the remote system.
7. In Port, enter the port that is used to connect to the remote system.
8. SSL configuration for outbound connection will almost always be NodeDefaultSSLSettings.
9. Alias can be anything you want, typically the alias of the certificate.
10. Select Retrieve signer information.

If the remote system is able to provide the certificate that should be used to provided a secured connection, the certificate should be displayed. In this scenario, select OK to add the certificate to the NodeDefaultTrustStore.