Installing Internet Information Services (IIS) and Certificate Services
Specify this setting if you want the machine to automatically obtain user information registered in Active Directory.
We recommend you install Internet Information Services (IIS) and Certificate services as Windows components.
Install the components, and then create the server certificate.
If they are not installed, install them as follows:
Installation under Windows Server 2008 R2
On the [Start] menu, point to [Administrative Tools], and then click [Server Manager].
Click [Roles] in the left column, click [Add Roles] from the [Action] menu.
Click [Next>].
Select the "Web Server (IIS)" and "Active Directory Certificate Services" check boxes, and then click [Next>].
If a confirmation message appears, click [Add Features].
Read the content information, and then click [Next>].
Check that [Certification Authority] is selected, and then click [Next>].
Select [Enterprise], and then click [Next>].
Select [Root CA], and then click [Next>].
Select [Create a new private key], and then click [Next>].
Select a cryptographic service provider, key length, and hash algorithm to create a new private key, and then click [Next>].
In "Common name for this CA:", enter the Certificate Authority name, and then click [Next>].
Select the validity period, and then click [Next>].
Set the "Certificate database location:" and the "Certificate database log location:" settings to their defaults, and then click [Next>].
Read the notes, and then click [Next>].
Select the role service you want to use, and then click [Next>].
Click [Install].
When the installation is complete, click [Close].
Close [Server Manager].
Installation under Windows Server 2012/2016
On the Start screen, click [Server Manager].
On the [Manage] menu, click [Add Roles and Features].
Click [Next>].
Select [Role-based or feature-based installation], and then click [Next>].
Select a server, and then click [Next>].
Select the "Active Directory Certificate Services" and "Web Server (IIS)" check boxes, and then click [Next>].
If a confirmation message appears, click [Add Features].
Check the features you want to install, and then click [Next>].
Read the content information, and then click [Next>].
Make sure that [Certification Authority] is selected in the [Role Services] area in [Active Directory Certificate Services], and then click [Next>].
Read the content information, and then click [Next>].
Under Windows Server 2016, read the content information, and proceed to Step 12.
Check the role services you want to install under [Web Server (IIS)], and then click [Next>].
Click [Install].
After completing the installation, click the Server Manager's Notification icon
, and then click [Configure Active Directory Certificate Services on the destination server].
Click [Next>].
Click [Certification Authority] in the [Role Services] area, and then click [Next>].
Select [Enterprise CA], and then click [Next>].
Select [Root CA], and then click [Next>].
Select [Create a new private key], and then click [Next>].
Select a cryptographic provider, key length, and hash algorithm to create a new private key, and then click [Next>].
In "Common name for this CA:", enter the Certificate Authority name, and then click [Next>].
Select the validity period, and then click [Next>].
Set the "Certificate database location:" and the "Certificate database log location:" settings to their defaults, and then click [Next>].
Click [Configure].
If the message "Configuration succeeded" appears, click [Close].