Hello Lai,
For the client Side, please try the following
1. On the client machine , go to MMC--->>Add/remove snap in. Add computer account and click on Finish
2. Right click on Trusted root Authority--->>Import certificate , import the same certificte that you have generated for IIS.
3. Once the certificate is imported, right click on the certificate and click on Export.
4. Export it in format DER encoded binary X.509 (.CER).
5. Save it on your Desktop.
6. Go to Client-Side TLS\SSl Certificate and browse the certificate.
Let me know if that works for you.