You can create self-signed certificate using OpenSSL.

Prerequisites

Download package Win32 OpenSSL Light for generating SSL certificate from http://slproweb.com/products/Win32OpenSSL.html to a folder of your choice. For example, C:\Utils\OpenSSL.

Procedure

  1. To add Server Authentication to EKU, open openssl.cfg and add extendedKeyUsage setting under the v3_ca section.
    [ v3_ca ] extendedKeyUsage = serverAuth
  2. Open command prompt, go to C:\Utils\OpenSSL\bin, and set default OpenSSL configuration variable.
    set OPENSSL_CONF=C:\Utils\OpenSSL-Win32\bin\openssl.cfg
  3. Generate a self-signed certificate with a new private key.
    openssl req -x509 -nodes -days 9999 -newkey rsa:2048 -keyout HOSTNAME.key -out HOSTNAME.cer -subj "/CN=HOSTNAME"
  4. Convert the certificate and the private key to a .pfx file.
    openssl pkcs12 -export -out HOSTNAME.pfx -inkey HOSTNAME.key -in HOSTNAME.cer -name "HOSTNAME" -passout pass:
  5. Deploy the generated SSL certificate (HOSTNAME.PFX file in the bin folder) to the remote server and import it there .