It is important to be familiar with using the Java keytool utility to generate certificate requests and import certificates. This process is documented here:
During this process, when initially setting up SSL for UMP or Admin Console, a callback is run on the wasp probe called ssl_reinitialize_keystore to set the initial password for the keystore. It is critical that you remember or record this password for future certificate renewals. If you do not remember it, you will need to start the entire process from scratch, as if it was the first time you are implementing a new certificate.