Hello @haroldpeters ,
Configure the template for key-based renewal.
As a prerequisite, configure a CEP and CES server for username and password authentication. In this environment, we refer to the instance as "CEPCES01".
Configure another CEP and CES instance by using PowerShell for certificate-based authentication on the same server. The CES instance will use a service account.
In this environment, we refer to the instance as “CEPCES02”. The service account that’s used is ”cepcessvc”.
Configure client-side settings.
in order to execute the renewals within these non-domain joined machines. do follow the below link
Hope this answers all your queries, if not please do repost back.
If an Answer is helpful, please click "Accept Answer" and upvote it : )