In this post I will go over what is required to setup a Microsoft Windows Server 2016 Standalone Certificate Authority. I will not be using this Certificate Authority with Microsoft Active Directory.
First build a Windows 2016 Server (see here for notes on how to do this). Then login and go to the Server Manager. Click Manage> Add Roles and Features.
Select the Active Directory Certificate Services role and then click Add Features when prompted. Then click Next, Next, Next.
If you are integrating this CA with Active Directory you can select additional services such as Web Enrollment. However for the purposes of this exercise we are just creating a basic CA that can be used independently of AD. Select Certification Authority and click Next.
Then click Install
Once the install has completed click Close
In Server Manager click Configure Active Directory Certificate Services
Specify the credentials of an admin account on the server and click Next
Select Certificate Authority and click Next
Accept the selection of Standalone CA and click Next
Select Root CA and click Next
Select create and new private key and click Next
Ensure your settings match the below and click Next
Give your CA a common name or just accept the defaults then click Next
Leave the default validity period and click Next
Leave the database locations as the defaults and click Next
Click Configure
Click Close when done
You can now open the Certificate Authority mmc and start issuing certificates