If you are working with Active Directory in any enterprise type environment, more than likely the environment will also have Certificate Services deployed. Working with System Center, there are various uses of Certificate Services for the different components in the suite.
So, if you wanted to mimic an enterprise environment in your lab, you will need to first install Active Directory so that a domain will exist, and then you will need to install the Certificate Services role/feature. Once Certificate Services is installed though, you will still need to configure it before being able to work with it.
Start by launching the Active Directory Certificate Services (AD CS) Configuration Wizard.
On the Credentials page, supply appropriate credentials and then click Next.
On the Role Services page, select Certification Authority and then click Next.
On the Setup Type page, select Enterprise CA and then click Next.
On the Specify CA Type page, select Root CA and then click Next.
On the Set Up Private Key page select Create a new private key and then click Next.
Leave the defaults on the Configure Cryptography for CA page, and then click Next.
- Important: CSP, Hash Algorithm and Key length must be selected to meet application compatibility requirements.
On Configure CA Name page, enter Domain Root CA (ex. SC LAB Root CA) in the Common name for this CA field, and then click Next.
On Set Validity Period page enter 10 Years, then select Next.
Keep the default on the Configure Certificate Database page, and then click Next.
On the Confirmation page, click Configure.
Review the information on the Results page to verify that the installation is successful and then click Close.
You now have Active Directory Certificate Services installed.
Here is a video walk through: