Please find the below script which are used to generate the certificate, point to remember is that domain name should be match which are present in host file and also match with your iis. e.g. “local.demo.com“.
$cert = New-SelfSignedCertificate -certstorelocation cert:\localmachine\my\ -dnsname local.demo.com
$pwd = ConvertTo-SecureString -String ‘Test11‘ -Force -AsPlainText
$path = ‘cert:\localMachine\my\’ + $cert.thumbprint
Export-PfxCertificate -cert $path -FilePath C:\certificates\local.demo.com.pfx -Password $pwd
$cert.thumbprint
$rootStore = New-Object System.Security.Cryptography.X509Certificates.X509Store -ArgumentList Root, LocalMachine
$rootStore.Open(“MaxAllowed”)
$rootStore.Add($cert)
$rootStore.Close()
Practically Proven 