As an alternative to using certutil to create selfsigned certificates, the following PowerShell command can be used. This command is part of the PKI PowerShell module which when using newer versions of PowerShell will be loaded automatically when you call the command.
New-SelfSignedCertificate -certstorelocation cert:\localmachine\my -dnsname myaddress.com
This is very handy if using PowerShell to script the deployment of AD FS for testing and you are happy to run the server with a selfsigned certificate.