First if you have not already install the IIS role on your windows system.
Open IIS and choose the top level folder(your server) then choose Server Certificates
Now choose Create Self Signed Certificate from the far right
friendly name should be the DNS name of the device you need to create the pem file for, then choose ok.
Now open the certificate manager on your system, to do this run mmc
File > Add/Remove snap-in
Choose Certificates > Add > Computer account > Next > Local computer > Finish > OK
Now expand the certificates folder you create the cert in, by default this is Personal > Certificates.
right click on the certificate you created and choose all tasks > export > next > No, > next > Base-64 > next >
pick a file name
Now, you can rename the .cer file to .pem and that's it you're done.