You can see if the certificate service is already installed use the below command
Get-WindowsFeature | where name -like *AD*
Now when we see that that certificate authority is not installed we can installed the same using the below command.
Add-WindowsFeature AD-Certificate –IncludeAllSubFeature
Once we see the exit code as success, we are ready to go to server manager and complete the post install steps.
Post install steps are stright forward just hit next next unless you have specific instruction.
You can select SHA256 or whatever recommended by your security team I will continue with the sha1 as this is my lab machine.
Your Certificate Autority is ready to accept the certiricate request.
I installed this on my LAB DC where I setup the DNS record as PKI.letsexchange.in to give it a production like feel J
Next lets Create the Certificate request from exchange and request the certificate autority for certificate.