The correct way to put a certificate on the server is to Issue a real certificate to the NPS server from a real register such as Verisign, or Entrust.
You can also issue a certificate from your own CA authority.
Neither of these options are quick or easy.
What if you just need a certificate to see if something works.
Here's how to do that.
First download from Microsoft the IIS 6.0 Resource kit tools. Included in this tool kit is SelfSSL. A tool created by Microsoft to issue and install a self-signed SSL certificate.
Launch SelfSSL from Start >Programs > IIS Resources > SelfSSL > SelfSSL (Note: You must run SelfSSL elevated as an Administrator)
Type in the following command to generate a new certificate of key length 1024 with a validity period of 10 years (3652 days):
selfssl.exe /N:CN=fqdn.of.radius.server /K:1024 /V:3652
You'll be prompted to overwrite the settings for site 1, answer with yes. The certificate will now be in the local computer certificate store.
That's it. It's installed in the right place, and it's enabled.
Of course, your end devices will not trust the certificate, so you will need to export the certificate, and load it onto devices as a trusted CA.