To install Active Directory Certificate Services:

1. In Server Manager, select Tools > Add Roles and Features.
2. At Before you begin, select Next.
3. At Installation type, select Role-based or feature-based installation and select Next.
4. At Server Selection, select the appropriate server and select Next.
5. At Server Roles, tick Active Directory Certificate Services, select Add Features, and select Next.
6. At Features, select Next.
7. At AD xx, select Next.
8. At Role Services, tick Certification Authority, Certificate Authority Web Enrollement, and Online Responder, and select Next.
9. At Web Server Role (IIS), select Next.
10. At Role Services, select Next.
11. Select Install.

To configure Active Directory Certificate Services:

1. Select Configure Active Directory Certificate Services on the destination server.
2. At Credentials, ensure the server_name\Administrator account is listed, and select Next.
3. At Role Services, tick Certification Authority and select Next.
4. At Setup Type, tick Enterprise CA and select Next.

Note: If Enterprise CA is greyed out, you are probably not signed into the machine as the domain Administrator.

5. At CA Type, tick Root CA and select Next.
6. At Private Key, tick Create a new private key and select Next.
7. At Cryptography, select your preferred cyrpt options and select Next.
8. At CA Name, select Next.
9. At Validity Period, selected your preferred validity (such as 1 year) and select Next.
10. At Certificate Database, select Next.
11. Select Configure.
12. Once Configuration succedded is displayed, select Close.
13. When prompted Do you want to configure additional role services, select No.