What certificate is used when signing state/flow .jar files in development?

For a CordApp to be used by a node, it must be first signed. The documentation says that a CordApp development certificate is used by default when using the cordapp plugin; I’d like to know who generates it, when this certificate is generated and where it’s stored. Also, a password is required when I try to open any of the files under the build/nodes/<node_name>/certificates folder, where can I find this password?

Well, apparently the Network Bootstrap tool generates the node’s certificates and then signs the cordapps with these certificates. More info here: Deploying in a development environment - R3 Documentation

About the password needed to unlock the files under the build/nodes/<node_name>/certificates folder, if a password isn’t explicitly set, the default one is: cordacadevpass. More info here: Node folder structure - R3 Documentation