MS Window Selfsign CA

Step 1: Install Certificate CA on Server window. Assuming this taks is already done.

Step 2: Request Certificate for Web Server (5 picture below)

#Request a certificate

 #Advanced...

 #Create and submit a request to this CA

 #Fill the information. But NOTE:

The Name field: that should be put right name for domain or host address if you want your site is accessed without "mismatch URL" errors.

For example: your site would be access via www.nhutnb.com or web.nhutnb.com that using this certificate. Put *.nhutnb.com to the Name field.

 Type of Certificate Needed should be : Server Authentication...

Affter issued from CA administrator. You can download the certificate and install to the Web Server

Then check whether your installed certificate is in correct location

If the certificate is not correct location (Local Computer instead of User Account). Just do a copy and paste (or you can using export then import functionality).

If the location is correct, then copy *.nhutnb.com in Personal folder to Trusted Root Certification Authorities folder (just do copy and paste)

Now. Open your IIS and check Server Certificate

There it is.
Now, but do one more task to make sure the hostname in "binding" dialog be availabled for you to edit:
Reopen MMC console and navigate to the certificate => click Properties => then type to the "Friendly name" field as picture:

 If you already done this, you could change the "host name" when change the binding configure in IIS,

 Otherwise, you will get this:

Now, create the website:

Then check the result

If you are using the client browser that has not trusted this certificate, your browser might issue a warning, that because your certificate is using for local. If you don't want to get this warning, just install that certificate into your client computer (on both Personal and Trusted Root Certification Authorities folder).