I created an Azure VM with SQL Server pre-installed and configured IIS to run my .NET application on it. When configuring SSL for my app I noticed that there are many certificates present on the server already, quite a few of them being TenantEncryptionCert, issued by and for Windows Azure CRP Certificate Generator. Does anyone have any idea what these certificates are for? Are these some Azure-specific certs without which I will lose connectivity to my VM or what? Can I use them for SSL?
TenantEncryptionCert certificates are used by the Azure Guest Agent (GA) & extensions.
You’ll usually see it when extensions are using Protected Settings like passwords, and we need to securely transfer the payloads with the WireServer (the host node). So they are encrypted and a certificate is needed.
The certificate is automatically created and managed by the GA. You shouldn’t really care about it.
The GA checks for the presence of the certificate on startup / update. If you delete it, or if it’s not there for other reasons, then it’ll create a new one.
Note that the GA doesn’t clean the expired certificates… so you might end up with a lot of certs in the certmgr console. For this reason you can safely delete the expired ones.
HTH
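The cleanup described in the answer above, as an added example that is not part of the original answer: a PowerShell script that inventories the certificates issued by and for Windows Azure CRP Certificate Generator and removes only the expired ones. The store path `Cert:\LocalMachine\My` and the parameter names are assumptions; run it with `-RemoveExpired -WhatIf` first to see what would be deleted.

```powershell
# Added example: inventory Azure Guest Agent certificates and prune expired ones.
# Assumption: the certificates live in the LocalMachine\My store; pass -StorePath otherwise.
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    [string]$StorePath = 'Cert:\LocalMachine\My',   # assumed location
    [switch]$RemoveExpired                          # hypothetical switch name
)

# Name taken from the question: certificates issued by and for this generator.
$generator = 'Windows Azure CRP Certificate Generator'
$now = Get-Date

# Match on both Issuer and Subject so unrelated certificates are never selected.
$certs = @(Get-ChildItem -Path $StorePath | Where-Object {
    $_.Issuer -like "*$generator*" -and $_.Subject -like "*$generator*"
})

# Report validity and the enhanced key usages each certificate carries.
$certs | Sort-Object NotAfter |
    Select-Object Thumbprint, FriendlyName, NotBefore, NotAfter,
        @{ Name = 'Expired'; Expression = { $_.NotAfter -lt $now } },
        @{ Name = 'EnhancedKeyUsage'
           Expression = { $_.EnhancedKeyUsageList.FriendlyName -join ', ' } } |
    Format-Table -AutoSize

$expired = @($certs | Where-Object { $_.NotAfter -lt $now })
$current = @($certs | Where-Object { $_.NotAfter -ge $now })
Write-Host "$($current.Count) current, $($expired.Count) expired in $StorePath"

if ($RemoveExpired) {
    foreach ($cert in $expired) {
        $target = "$($cert.Thumbprint) (expired $($cert.NotAfter))"
        # Honors -WhatIf / -Confirm; only expired certificates are ever touched.
        if ($PSCmdlet.ShouldProcess($target, 'Remove certificate and private key')) {
            Remove-Item -Path $cert.PSPath -DeleteKey
        }
    }
}
```

Current (unexpired) certificates are left in place, so the Guest Agent has no reason to regenerate anything after the run.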