Paste the SHA-256 fingerprint (in hexadecimal format) of the whole root CA certificate in DER binary encoding (not in PEM). You can obtain this value from the certificate properties or run the following commands.

Windows
certutil -hashfile rootca.der SHA256
MacOS
openssl x509 -fingerprint -sha256 -noout -in rootca.crt | sed "s/[:]//g"

Mandatory: Yes. It is recommended to always configure this field when possible.