Tomasz Tuczapski

Reputation: 329

TenantEncryptionCert on VM created in Azure

I created an Azure VM with SQL Server pre-installed and configured IIS to run my .NET application on it. When configuring SSL for my app I noticed that there are many certificates already present on the server, and quite a few of them are TenantEncryptionCert certificates issued by and for Windows Azure CRP Certificate Generator. Does anyone have any idea what these certificates are for? Are these some Azure-specific certs without which I will lose connectivity to my VM, or what? Can I use them for SSL?

Azure VM certificates

Upvotes: 10

Views: 11361

Answers (1)

Rossano Vitulli - MSFT

Reputation: 131

TenantEncryptionCert certificates are used by the Azure Guest Agent (GA) and its extensions.

You’ll usually see it when extensions are using Protected Settings like passwords, and we need to securely transfer the payloads with the WireServer (the host node). So they are encrypted and a certificate is needed.

The certificate is automatically created and managed by the GA. You shouldn’t really care about it.

The GA checks for the presence of the certificate on startup / update. If you delete it, or if it’s not there for other reasons, then it’ll create a new one.

Note that the GA doesn’t clean the expired certificates… so you might end up with a lot of certs in the certmgr console. For this reason you can safely delete the expired ones.

HTH

Upvotes: 10
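The following PowerShell script is an added example, not part of the answer above: it lists the TenantEncryptionCert certificates in the machine store with their validity windows and, only when asked, removes the expired ones the answer says are safe to delete. It assumes the certificates live in `Cert:\LocalMachine\My` and match on the subject and issuer names quoted in the question; adjust the filters if your store differs.

```powershell
# Added example (not from the original answer): audit TenantEncryptionCert
# certificates and optionally remove only the expired ones.
# Assumptions: certs are in Cert:\LocalMachine\My; Subject contains
# "TenantEncryptionCert"; Issuer contains "Windows Azure CRP Certificate Generator".
[CmdletBinding(SupportsShouldProcess)]
param(
    [switch]$RemoveExpired   # without this switch the script only reports
)

$now = Get-Date
$certs = @(Get-ChildItem -Path Cert:\LocalMachine\My |
    Where-Object {
        $_.Subject -like '*TenantEncryptionCert*' -and
        $_.Issuer  -like '*Windows Azure CRP Certificate Generator*'
    })

if ($certs.Count -eq 0) {
    Write-Host 'No TenantEncryptionCert certificates found in Cert:\LocalMachine\My.'
    return
}

# Report every match with its validity window so the current one is easy to spot.
$certs |
    Sort-Object NotAfter |
    Select-Object Thumbprint, NotBefore, NotAfter,
        @{ Name = 'Expired'; Expression = { $_.NotAfter -lt $now } } |
    Format-Table -AutoSize

$expired = @($certs | Where-Object { $_.NotAfter -lt $now })
Write-Host ("{0} matching certificate(s), {1} expired." -f $certs.Count, $expired.Count)

if ($RemoveExpired) {
    # Only expired certs are touched; the current one is left for the Guest Agent,
    # which recreates it anyway if it goes missing. -WhatIf shows what would be removed.
    foreach ($c in $expired) {
        $path = "Cert:\LocalMachine\My\{0}" -f $c.Thumbprint
        if ($PSCmdlet.ShouldProcess($path, 'Remove expired TenantEncryptionCert')) {
            Remove-Item -Path $path
            Write-Host ("Removed expired certificate {0} (expired {1})" -f $c.Thumbprint, $c.NotAfter)
        }
    }
}
```

Run it without switches from an elevated prompt to get the report only; add `-RemoveExpired -WhatIf` to preview deletions before committing to them.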
