On the Start screen, click [Server Manager].
On the [Manage] menu, click [Add Roles and Features].
Click [Next>].
Select [Role-based or feature-based installation], and then click [Next>].
Select a server, and then click [Next>].
Select the "Active Directory Certificate Services" and "Web Server (IIS)" check boxes, and then click [Next>].
If a confirmation message appears, click [Add Features].
Check the features you want to install, and then click [Next>].
Read the content information, and then click [Next>].
Make sure that [Certification Authority] is selected in the [Role Services] area in [Active Directory Certificate Services], and then click [Next>].
Read the content information, and then click [Next>].
Check the role services you want to install under [Web Server (IIS)], and then click [Next>].
Click [Install].
After completing the installation, click the Server Manager's Notification icon , and then click [Configure Active Directory Certificate Services on the destination server].
Click [Next>].
Click [Certification Authority] in the [Role Services] area, and then click [Next>].
Select [Enterprise CA], and then click [Next>].
Select [Root CA] , and then click [Next>].
Select [Create a new private key], and then click [Next>].
Select a cryptographic provider, key length, and hash algorithm to create a new private key, and then click [Next>].
In "Common name for this CA:", enter the Certificate Authority name, and then click [Next>].
Select the validity period, and then click [Next>].
Set the "Certificate database location:" and the "Certificate database log location:" settings to their defaults, and then click [Next>].
Click [Configure].
If the message "Configuration succeeded" appears, click [Close].