Nejdřív nainstalovat IIS
Add-WindowsFeature Web-Server, Web-Mgmt-Console, Web-Http-Redirect, Web-Url-Auth, Web-Windows-Auth, Web-ASP, Web-CGI, Web-ISAPI-Filter, Web-ISAPI-Ext, Web-Net-Ext45, Web-Mgmt-Service
Konzole se dá spustit
C:\Windows\System32\InetSrv\InetMgr.exe
Instalace role
Add-WindowsFeature Adcs-Cert-Authority -IncludeManagementTools Add-WindowsFeature Adcs-Web-Enrollment
Konfigurace
Install-AdcsCertificationAuthority -CACommonName "DOMAIN-CA" -CAType EnterpriseRootCA -DatabaseDirectory "E:\CertDb" -LogDirectory "E:\CertLog" -ValidityPeriodUnits 10
Konfigurace web enrollmentu
Install-ADCSWebEnrollment
Aby bylo možné vytvářet delší certifikáty než s dvouletou platností, je nutné
certutil -setreg ca\ValidityPeriodUnits 5