Active Directory Certificate Services (AD CS) is a server role and certificate authority which is used to build a Public Key Infrastructure. It provides public key cryptography, digital certificates, and signatures for in-house use for your organization. That means you don't have to rely on a third-party certificate authority (CA) for above mentioned public keys and certificates.
Active Directory Certificate Services Components
AD Certificate Services has the following six components:
CA Web enrollment - This component connects users to the Certificate Authority with a web browser.
Certification authority (CA) - This is one of the most important components which is used to issue certificates to users or devices or to a subordinate CA.
Certificate Enrollment Policy Web Service - It allows computers and users to retrieve information about their certificate enrollment policy.
Certificate Enrollment Web Service - This allows computers and users to enroll certificates using web (HTTPS).
Network Device Enrollment Service - This component is used to allow non-domain devices like routers and switches to obtain certificates.
Online Responder - This component provides a way for certificates to be checked for their validity.