So I was setting up my demo environment again this week, and I figured that I needed an internal PKI for most of my services and therefore I needed the web enrollment service as well.
After I have installed ADCS and the web enrollment role on the same server, I figured I was good to go.
Not quite, when I tried to open http://localhost/certsrv and wanted to get a certificate I got the message that I needed to change to https:// in order to download certificates and that’s fine.
When I tried to open the https://localhost/certsrv It didn’t respond after a couple of minutes I found out you need to do one thing.
You need to create a self signed certificate from within IIS and this to the bindings on port 443.
After this is done, you can enter the website.