...
The recommended approach is to create a unique self-signed certificate for each distinct API client. See https://docs.microsoft.com/en-us/powershell/module/pkiclient/new-selfsignedcertificate for information on creating self-signed certificates in Windows. We recommend setting the subject name of the certificate to a value which can identify the consumer (user name, machine name, etc.).
...
| Info |
|---|
Some users have had issues using the above method (specifically the inability to export the certificate). The image below shows an alternate method for generating and exporting both certificates (one with a PK (pfx) and one without (cer)). |
Once you have run the Powershell command, you will find the new certificate in your Personal folder of the Local machine store.
...