A couple of days ago, I made a post to help you understand the self-issued certificates. Today I wanted to extend on that and show what's been built for 2008 to help you install the self-issued certificate. If you open the Company Web Site inside the company, you'll notice an announcement that tells users how to obtain this package. They can browse to "\\contoso-server\users\public downloads" on the server and obtain the zip file shown on the left. This zip file can then be copied to a USB key or floppy drive and taken to the remote PC. Alternatively, it can be run inside the network to install the certificate onto a Windows Mobile device that is connected to the user's PC. It is not necessary to use this package on client computers that are joined to the domain because Group Policy will push the certificate to these client computers, for the case of a laptop that leaves the domain, it will already have the certificate installed in the trusted root store.
One thing to note, is that each time the Fix My Network wizard is run, it checks the validity of the certificate, if it's invalid, it'll go ahead and re-create the certificates and fix everything up for you.. including dropping a new package to the Public Downloads share.
Once you have the tool at the remote location, un-zip it, and run it. The tool is very simple, and runs on XP SP2 or higher clients, including Vista. When you run it, you will see the following UI:
As you can see from the screen shot, you can install the certificate on the remote PC, or any device running Windows Mobile 6.
While using self-issued certificates got easier with 2008, its still a pain to have to install the certificate every 5 years onto remote devices, it's far easier to use a Trusted Certificate.