How do you sign a unsigned modl file

This is really 2 topics in one.

1. Generating a certificate
2. Signing a module

Signing a module is relatively straightforward with the tool the IA provides.

Certificates have more to do with security than Ignition. You might want to consult other documentation such as the following:

https://www.ibm.com/support/knowledgecenter/SSMNED_5.0.0/com.ibm.apic.cmc.doc/task_apionprem_gernerate_self_signed_openSSL.html

Hope this helps!