Enable the Certification Authority Web Enrollment role service.
- In Server Manager, select Configure Active Directory Certificate Services on this server.
- At Credentials, ensure the server_name\Administrator account is listed, and select Next.
- At Role Services, tick Certification Authority Web Enrollment and select Next.
- Select Configure.
- Once Configuration succedded is displayed, select Close.
- When prompted Do you want to configure additional role services, select No.
The Certification Authority Web Enrollment role should be listed in Server Manager.
Create the domain certificate in IIS
- In IIS, select Server Certificates.
- In the right-panel, select Create Domain Certificate.
- At Distinguished Name Properties, complete the form. Common name should be computer_name.domain_name. Select Next.
- At Online Certification Authority, click the Select button, and select the root CA. Friendly name should be computer_name.domain_name. Select Finish.
The newly created certificate should be listed.
Add the certificate to your sites HTTPS binding
- In IIS, right-click on your site and select Edit Bindings.
- Assign the newly create certificate to HTTPS.
- In the left panel of IIS, expand your site and select CertSrv
- Select SSL Settings.
- Tick Require SSL, and select Apply.
To test this, using any PC in your domain, sign into the PC as a domain user, and do the following.
- In any web browser, navigate to https://www.example.com/certsrv.
- If prompted to sign in, use your domain username and password.
- At the Active Directory Certificate Services web site, select Request a certificate.
- Select User Certificate.
- Select Submit.
- Select Install this certificate.