I figured it out so I’ll post the basic steps here for posterity:
[ul]1. In KeyStore Explorer, generate a new Key Pair.
2. Right-click on the new Key Pair, select Export->Export Certificate Chain. Select the “Entire Chain” option and pick PKCS #7 to get the p7b file.
3. Run the command given on the documentation page for the module-signer. I used Windows PowerShell and had to put quotes around the variable values (alias, chain, etc).[/ul]
I hope this’ll help someone else!