A Windows Active Directory Certification Authority server (AD CA), also known as a Certificate Authority, is an essential service to every organization’s Active Directory as it can manage, issue, revoke and renew digital certificates used to verify the identity of users, computers and other network services.
This guide will show you how to quickly install and setup a Certification Authority server on Windows 2016 server. The guide includes the installation of the Certification Authority Web Enrollment service to allow your organization to request, renew and download certificates via a simple web interface.
Execution Time: 10 - 15 minutes
Step 1 – Installation of Windows Active Directory Certificate Services
Launch Server Manager and go to Manage > Add Roles and Features:

At the next screen select simply click on the Next button:

Ensure Role-based or feature-based installation is selected and click on Next:

At the next screen select the destination server from the available Server Pool and click on the Next button:

Next, tick the Active Directory Certificate Services from the available roles: