The first step to configure Microsoft Active Directory for SSL access is to set up a
stand-alone Certificate Authority (CA).
Do not worry about addition resource utilization because both of the required
services (IIS & CA) can be disabled after issuing the certificate(s).
Using the IIS Manager console, expand the local computer and select Web
Sites. The state of Default Web Site should be
Running. You should also see a CertSrv application
listed under the Default Web Site. If the site is not running or
the application is missing, you must resolve the issue before you proceed.
Install Internet Information Server (IIS).
Install Certificate Authority Services in stand-alone mode.
Verify the Certificate Services web application is installed and active.