We can issue and manage PKI certificates by using Microsoft Active Directory Certificate Services. We can turn a server into a trusted authority for our domain. We can request and issue certificates from it, install them on our member servers.
Do not select additional features, click Next
Select Certification Authority role service
Installation Succeeded. Now we need to configure AD Certificate Services.
On Server Manager we can see there is exclamation mark stating that, Post deployment configuration is needed for ADCS. Click on it.
Select Enterprise CA. If it is grayed out, it means your server is not joined to a domain
Select Root CA
Select Create a new private key
Go with defaults and click Next
Do not change anything, go with defaults and hit Next
For the rest of the wizard just keep the defaults and click next and complete the wizard.
Click Close and complete the configuration.