See this SO answer . I used it for a WCF project a few months ago.
Create a certification authority
Create a self-signed certificate (-r) using the exported private key (-pe), using SHA1 (-r) to sign (-sky signature). The private key is written to the file (-sv).
makecert -r -pe -n "CN=My Root Authority" -ss CA -sr CurrentUser ^
-a sha1 -sky signature -cy authority -sv CA.pvk CA.cer
(^ = enable batch command line)
Create Server Certificate
(-pe), SHA1 (-a) (-sky exchange).
SSL (-eku 1.3.6.1.5.5.7.3.1).
(-ic), (-iv).
(-sp, -sy).
makecert -pe -n "CN=fqdn.of.server" -a sha1 -sky Exchange ^
-eku 1.3.6.1.5.5.7.3.1 -ic CA.cer -iv CA.pvk ^
-sp "Microsoft RSA SChannel Cryptographic Provider" ^
-sy 12 -sv server.pvk server.cer
pvk2pfx -pvk server.pvk -spc server.cer -pfx server.pfx
.PFX ( IIS). , pvk2pfx PFX. -po.
, CA.cer ( ). , Windows, . , snapin MMC certmgr.msc certutil:
certutil -user -addstore Root CA.cer