Before starting up Certificate generation, there are some important concepts to be understood. There are three possible roles that can be assigned to Apple Developer Program members: Agent, Admin, or Member.
Borrowed from Apple’s website.
The Agent (the original enrollee accepted into an Apple Developer Program) is the primary contact for the development team, is responsible for accepting all Developer Program Agreements, and can enroll their team in additional Apple Developer Programs.
2. Admin (company/organization only)
Developers assigned the Admin role serve as a secondary contact for teams enrolled in an Apple Developer Program as a company. Team Admins can invite members to the team, assign roles, and have access to the resources and benefits of the developer program they are enrolled in.
3. Member (company/organization only)
Developers assigned the Member role have access to the resources and benefits of the developer program they are enrolled in.
Now that you know the rules. So if an “Admin” user goes to certificate creation page, the option is disabled.
The rule also means that the Admin user cannot download the certificates either. It is the responsibility of “Agent” to generate and download the certificate and share it with the team.
If you are logged in as an Agent the button in first image will be enabled. Click on it and APPLE will guide you through the process to generate the certificates. But remember you have to generate 2 certificates: Developer ID Application Certificate and Developer ID Installer Certificate (First time I tried, I missed out on generating Developer ID Installer Certificate). Developer ID Application Certificate is used for signing the application and Developer ID Installer Certificate is used for signing the installer. While you are at it make it a point to download Developer ID Intermediate Certificate. Without Developer ID Intermediate Certificate Gatekeeper wouldn’t allow your application to launch.
As mentioned earlier only an Agent can download the certificates. So it is the duty of agent to generate the certificate and share it with his team.