...
For all the required descriptors, generate keypairs and Certification Signing Requests (CSRs) and request the certificates or create your own. If you want to store the keys in a Hardware Security Module (HSM), which is highly recommended, use it for generating keypairs. Note that getting certificates from a CA may take some time - there might be manual verification steps involved. Thus it is recommended to acquire all necessary keys and certificates before beginning the bootstrapping procedure.
Configure certificates in IDM
...