Option 1
Just googled this and the most direct way is to use the "-pe" option for makecert.exe. Here is the documentation:
(A distant) Option 2
If you wanted to spend a whole bunch of time on it and don't mind it being self-certified, I'd recommend using OpenSSL. There are only a few steps:
1. Download the source and build openssl.exe or get a pre-compiled copy (link).
2. Create a self-signed cert in PEM format. Open a DOS prompt in the folder containing openssl.exe and openssl.cnf. The command below creates one that's good for roughly 10 years:
    openssl req -x509 -days 3650 -newkey rsa:2048 -keyout mycert.pem -out mycert.pem -config ./openssl.cnf
3. Convert the PEM to a PFX:
    openssl.exe pkcs12 -export -in mycert.pem -out mycert.pfx
4. Double-click the PFX to import it and be sure to check the "Mark this key as exportable" box on the same dialog where you enter the password for the PFX.
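The OpenSSL steps above as a non-interactive script, with a check that the resulting PFX opens with its password and that its private key matches its certificate. This is an added example, not part of the original answer; it assumes a POSIX shell with openssl on PATH and OpenSSL's default configuration file, and the subject name and passwords are constructed sample values.

```shell
#!/bin/sh
# Added example (not from the original answer). Subject name and passwords
# below are constructed sample values; openssl must be on PATH.

# make_pfx DIR KEYPASS PFXPASS: the two openssl steps without prompts.
make_pfx() (
    umask 077   # the PEM and PFX hold a private key: owner-only permissions
    # Key and certificate go into one PEM file, as in the answer. -subj
    # replaces the name prompts, -passout encrypts the key with KEYPASS.
    # "pass:" exposes the password in the process list; it is used here only
    # to keep the demo self-contained ("env:VAR" and "file:path" avoid that).
    openssl req -x509 -days 3650 -newkey rsa:2048 \
        -keyout "$1/mycert.pem" -out "$1/mycert.pem" \
        -subj "/CN=example.test" -passout "pass:$2" 2>/dev/null || exit 1
    # Bundle key and certificate into a PFX protected by PFXPASS.
    openssl pkcs12 -export -in "$1/mycert.pem" -out "$1/mycert.pfx" \
        -passin "pass:$2" -passout "pass:$3"
)

# pfx_key_matches_cert PFX PFXPASS: succeeds only if the PFX opens with
# PFXPASS and its certificate's public key equals its private key's public key.
pfx_key_matches_cert() {
    cert_pub=$(openssl pkcs12 -in "$1" -passin "pass:$2" -nokeys 2>/dev/null |
        openssl x509 -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkcs12 -in "$1" -passin "pass:$2" -nocerts -nodes 2>/dev/null |
        openssl pkey -pubout 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Demo run in a throwaway directory that is removed on exit.
work=$(mktemp -d) && trap 'rm -rf "$work"' EXIT
make_pfx "$work" 'pem-pass-sample' 'pfx-pass-sample' &&
    pfx_key_matches_cert "$work/mycert.pfx" 'pfx-pass-sample' &&
    echo "mycert.pfx opens with its password and its key matches its certificate"
```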