You could use OpenSSL, or download the 1+GB Windows SDK to get the makecert utility. But those are troublesome, each in its own way.
Happily, it's still possible to use the IIS 6 resource kit's SelfSSL, even without having IIS installed. And that's only a 5MB download. Plus, you can install only the SelfSSL piece, which is something like 50kB. Much, much better.
So, download it from this link. Install it on the server you want, and then run selfssl as below:
Note two things:
- Run the command prompt as administrator
- You'll get an error, on account of not having IIS running on the server.
The error is OK: the certificate is installed in the computer personal certificate store. You can view it this way.
If trust is important on the server, you can use the /T switch for selfssl, and it will automatically add the certificate to the trusted root CA certificate folder, as well.