AD CS is the Server Role that allows you to build a public key infrastructure (PKI) and provide public key cryptography, digital certificates, and digital signature capabilities for your organization. So rather than going to a third party Certificate Authority (CA) to get PKI certificates and using their hosted services, it provides all services within your environment.
In Virtual Machine which is having a a database, an IIS server, and an Active Directory domain controller you may need to add a certificate for a web site on the IIS server. Self-signed certificates can be useful but its more useful to utilize a trusted certificate from a certificate authority. So for a smaller environment as such a VM having a development lab setup such as SharePoint Farms.
For more information please check this article: Link