This is a bit of an aide-memoire, based on https://blogs.msdn.microsoft.com/benjaminperkins/2017/11/15/how-to-create-a-self-signed-san-certificate-wildcard-certificate-vs-san/

The short form is, you can do this in PowerShell:

• Open Powershell, running as administrator.
• Run:

New-SelfSignedCertificate -CertStoreLocation Cert:\LocalMachine\My -DnsName "example.local" -FriendlyName "example.local" -NotAfter $([datetime]::now.AddYears(5))

• Go to “Manager Computer Certificate” or run CERTMGR. You should see your certificate

Next, we want to trust this certificate. We’ll need to export it.

• To export the certificate file you just created as a .PFX file, right click on the certificate, All Tasks -> Export…
• When the Export menu item is selected, an export wizard is run. On the first window read through the information and click the next button.
• In the next window, select the radio button “Yes, export the private key” and then click the next button.
• Select Export Extended Properties, and click next
• Set a password for the .PFX file you want to create#
• Choose a path and export the .pfx file

Now import it into the “Trusted Root Certification Authorities” that you can see in Certificate Manager

• Expand Trusted Root Certification Authorities –> right-click Certificates –> All Tasks –> Import.
• Select the file you just exported. Note that you may need to change the file type to Personal Information Exchange.
• Click Next, Fill in your file’s password, and complete the import.

That should be it completed.

Edit:

An alternative to export the cert:

Copy the Thumbprint of the cert in your Powershell window.

$pwd = ConvertTo-SecureString -String "" -Face -AsPlainText
Export-PfxCertificate -cert cert:\localMachine\my\#Thumbprint# -FilePath #FilePath# -Password $pwd