CA signed certificates (SSL server and client) are recommended as only the CA cert needs to be imported as a trusted certificate (e.g. in cacerts). First option is to use a free CA like CAcert.
Second option is to setup your own (test) CA. The most obvious option is to use openssl. The command line tool of openssl allows to first create a CA keypair + CA self-signed cert and next sign certificate requests (CSR), thereby creating CA signed certificates.
Alternative tools for a do-it-yourself CA with GUI are:
- EJBCA: runs on top of J2EE app server
- LigthCA: on top of OpenSSL
- SimpleAuthority: standalone Java app, includes Windows installer
Notes:
- To generate and manage keystores, thé recommended tools is Portecle.
- Alternative is Keytool IUI: it has extra features such as signing of files, but less user friendly than Portecle.
- All sorts of links about PKI