Enable the Certification Authority Web Enrollment role service.

1. In Server Manager, select Configure Active Directory Certificate Services on this server.
2. At Credentials, ensure the server_name\Administrator account is listed, and select Next.
3. At Role Services, tick Certification Authority Web Enrollment and select Next.
4. Select Configure.
5. Once Configuration succedded is displayed, select Close.
6. When prompted Do you want to configure additional role services, select No.

The Certification Authority Web Enrollment role should be listed in Server Manager.

Create the domain certificate in IIS

1. In IIS, select Server Certificates.
2. In the right-panel, select Create Domain Certificate.
3. At Distinguished Name Properties, complete the form. Common name should be computer_name.domain_name. Select Next.
4. At Online Certification Authority, click the Select button, and select the root CA. Friendly name should be computer_name.domain_name. Select Finish.

The newly created certificate should be listed.

Add the certificate to your sites HTTPS binding

1. In IIS, right-click on your site and select Edit Bindings.
2. Assign the newly create certificate to HTTPS.
3. In the left panel of IIS, expand your site and select CertSrv
4. Select SSL Settings.
5. Tick Require SSL, and select Apply.

To test this, using any PC in your domain, sign into the PC as a domain user, and do the following.

1. In any web browser, navigate to https://www.example.com/certsrv. 
2. If prompted to sign in, use your domain username and password.
3. At the Active Directory Certificate Services web site, select Request a certificate.
4. Select User Certificate.
5. Select Submit.
6. Select Install this certificate.