...
Identify the Certificate Authority (CA) - If you need to set up Microsoft Certificate Services, the following link may:
Install the Certificate - Request and install a certificate for the website under which the application will run. See: How to Get a Certificate from an internal CA
The certificate must be created for a website (ex: Default Web Site), not for the virtual directory of the web application.
A bit length of 2048 or higher.
Select SHA256 for your hash algorithm.
Set the Subject Alternative Name or to the FQDN of the server or a wildcard that includes the server (ex: *.mydomain.gov)
Validity period of 389 days or less
ExtendedKeyUsage extension containing the id-kp-serverAuth OID
See this Microsoft KB article for more information: http://support.microsoft.com/kb/299875
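One way to confirm that an installed certificate meets the requirements listed above (an added example, not part of the original instructions). It assumes an RSA key, an English-language Windows installation (the formatted SAN text contains "DNS Name="), and the placeholder host name web01.mydomain.gov; the function name is hypothetical.

```powershell
# Added example: checks one certificate against the requirements listed above.
# Assumptions: RSA key, English-language Windows, placeholder FQDN in the call at the bottom.
function Test-WebServerCertificate {
    param(
        [Parameter(Mandatory)]
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate,
        [Parameter(Mandatory)][string]$ServerFqdn
    )

    # Bit length of 2048 or higher ($rsa is $null when the key is not RSA)
    $rsa = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPublicKey($Certificate)
    $keyOk = ($null -ne $rsa) -and ($rsa.KeySize -ge 2048)

    # SHA256 hash: OID 1.2.840.113549.1.1.11 is sha256WithRSAEncryption
    $hashOk = $Certificate.SignatureAlgorithm.Value -eq '1.2.840.113549.1.1.11'

    # Subject Alternative Name (OID 2.5.29.17): exact FQDN or a one-label wildcard
    $sanExt = $Certificate.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
    $dnsNames = @()
    if ($sanExt) {
        $dnsNames = @([regex]::Matches($sanExt.Format($false), 'DNS Name=([^,\s]+)') |
            ForEach-Object { $_.Groups[1].Value })
    }
    $labels = $ServerFqdn -split '\.', 2
    $wildcard = if ($labels.Count -eq 2) { '*.' + $labels[1] } else { $null }
    $sanOk = [bool]($dnsNames | Where-Object { $_ -eq $ServerFqdn -or $_ -eq $wildcard })

    # Validity period of 389 days or less
    $validityOk = ($Certificate.NotAfter - $Certificate.NotBefore).TotalDays -le 389

    # ExtendedKeyUsage containing id-kp-serverAuth (OID 1.3.6.1.5.5.7.3.1)
    $ekuExt = $Certificate.Extensions |
        Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] }
    $ekuOk = [bool]($ekuExt -and ($ekuExt.EnhancedKeyUsages | Where-Object { $_.Value -eq '1.3.6.1.5.5.7.3.1' }))

    [pscustomobject]@{
        Thumbprint  = $Certificate.Thumbprint
        KeyLength   = $keyOk
        Sha256      = $hashOk
        SanMatches  = $sanOk
        Validity    = $validityOk
        ServerAuth  = $ekuOk
        MeetsAll    = $keyOk -and $hashOk -and $sanOk -and $validityOk -and $ekuOk
    }
}

# Check every certificate in the local machine's Personal store (placeholder FQDN).
Get-ChildItem Cert:\LocalMachine\My |
    ForEach-Object { Test-WebServerCertificate -Certificate $_ -ServerFqdn 'web01.mydomain.gov' }
```

Any row with MeetsAll set to False shows which individual requirement the certificate fails, so it can be reissued from the CA with the corrected setting.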
...