Since we are revolving all of our discussion in this book around Windows Server 2016, this certainly means that your CA server can and should be one provided by this latest and greatest of operating systems. As with most capabilities in Server 2016, the creation of a certification authority server in your network is as simple as installing a Windows role. When you go to add the role to a new server, it is the very first role in the list called Active Directory Certificate Services (AD CS). When installing this role, you will be presented with a couple of important options and you must understand the meaning behind these options before you create a solid PKI environment.