This step can be ignored if there is already a valid root authority certificate installed on the server and the client! If not, you can create a self-signed root authority certificate and install it on the server and the client as a trusted root authority certificate.
<code>makecert -n "CN=<SELFSIGNEDNAMEROOTNAME>" -r -sv <SELFSIGNEDNAMEROOTNAME>.pvk <SELFSIGNEDNAMEROOTNAME>.cer</code><br/>SELFSIGNEDNAME ROOTNAME ... self-signed root authority name<br/>
see [http://msdn.microsoft.com/en-us/library/bfsktky3%28VS.110%29.aspx MSDN]
To create a specific service certificate, we define the site name (IP) of our sevice along with the service name.
<code>makecert -sky <SITENAME> -iv <SELFSIGNEDNAMEROOTNAME>.pvk -n "CN=<SITE-IP>" -sv "<SITENAME>.pvk" -ic <SELFSIGNEDNAMEROOTNAME>.cer <SITENAME>.cer -sr currentuser -ss My</code><br/>
SITENAME ... Name of the service
SITE-IP ... IP of the service (which should be accessed from the client)