Make sure that the CN (“Common Name”) attribute matches in your URL and certificate. For example, if you created your certificate using the CN=localhost, but you are accessing it in IE using something like https://machine.domain.topleveldomain, then IE will complain that machine.domain.topleveldomain is not the same as localhost. I believe it does a string comparison.

Make sure that the certificate was installed in the Trusted Root Certification Authorities (TRCA) under the Local Computer physical store.

If all is installed correctly, then there is one more possibility. Windows has a “feature” that wipes out untrusted certificates (untrusted according to mircosoft) from the TRCA. You can disable this feature first and then reinstall the certificate.

Open up gpedit.msc and drill down to Computer Configuration > Administrative Templates > System > Internet Communication Management > Internet Communication Settings > Turn off Automatic Root Certificates Update. Enable Turn off Automatic Root Certificates Update.

Microsoft provides some details about what that feature does—its a security feature where your TRCA is compared against microsoft’s database of valid root certificates.

If it is still not working after you turn that feature off, then there is a problem with the way in which you created that certificate. You can make a certificate using makecert. http://msdn.microsoft.com/en-us/library/bfsktky3(v=vs.80).aspx

If your computer’s fully qualified name is: machine.domain.com, you can do this:

makecert -n "CN=machine.domain.com" c:\file.cer

Eventually you can access your resources by: https://machine.domain.com

Hope this helps. I have had my fair share of self-signed certificate woes.