On the Start page, click [Server Manager].
On the [Manage] menu, click [Add Roles and Features].
Click [Next>].
Select [Role-based or feature-based installation], and then click [Next>].
Select a server.
Select the "Active Directory Certificate Services" and "Web Server (IIS)" check boxes, and then click [Next>].
If a confirmation message appears, click [Add Features].
Check the function you want to install, and then click [Next>].
Read the content information, and then click [Next>].
Make sure that [Certificate Authority] is checked in the [Role Services] area in [Active Directory Certificate Services], and then click [Next>].
Read the content information, and then click [Next>].
Check the role service you want to install under [Web Server (IIS)], and then click [Next>].
Click [Install].
After completing the installation, click the Server Manager's Notification icon, and then click [Configure Active Directory Certificate Services on the destination server].
Click [Next>].
Click [Certificate Authority] in the [Role Services] area, and then click [Next>].
Select [Enterprise CA], and then click [Next>].
Select [Root CA] , and then click [Next>].
Select [Create a new private key], and then click [Next>].
Select a cryptographic service provider, key length, and hash algorithm to create a new private key, and then click [Next>].
In "Common name for this CA:", enter the Certificate Authority name, and then click [Next>].
Select the validity period, and then click [Next>].
Leave the "Certificate database location:" and the "Certificate database log location:" settings set to their defaults, and then click [Next>].
Click [Configure].
If the message "Configuration succeeded" appears, click [Close].