You can use a single certificate store as both the key store and trust store for MashZone NextGen or you can use separate certificate stores. You can use an existing certificate store for MashZone NextGen, such as the default certificate store shipped with some application servers. Or you can create a new certificate store using the Java keytool utility.
See Java keytool documentation for more information, commands and instructions on managing key certificate pairs, trusted certificates and certificate stores.