Hi,
We have come across the commands from the below Microsoft article
https://learn.microsoft.com/en-us/powershell/module/adcsdeployment/install-adcsenrollmentwebservice?view=windowsserver2019-ps
Install-AdcsEnrollmentWebService -ApplicationPoolIdentity -CAConfig "CA1.contoso.com\contoso-CA1-CA" -SSLCertThumbprint "Thumbprint001" -AuthenticationType Certificate
-SSLCertThumbprint
Specifies the hash or thumbprint of the Secure Sockets Layer/Transport Layer Security (SSL/TLS) certificate for a web site as a string value. This parameter is optional. If used, it establishes the necessary binding with Internet Information Server (IIS) to enable support for the required SSL/TLS connectivity. If a binding already exists within IIS, specifying this parameter overwrites the existing binding. If this parameter is not specified, any existing binding is used. If no bindings exist, installation succeeds, but the service will not function until the binding is established manually.
1) Is this the thumbprint of the certificate that's present on the IIS which will be used to secure the connections of the Certificate Enrollment Web service. If yes then what happens to the service when the certificate gets renewed next year? or
2) Is this the thumbprint of the certificate of the CA which will take care of the CES service requests?