Merge pull request #41136 from axelgMS/patch-25

ktoliver · web-flow · commit 65e1feeb54c2 · 2020-01-22T08:23:15.000-08:00
Add info on the Windows Azure CRP Certificate Generator
diff --git a/articles/virtual-machines/extensions/features-windows.md b/articles/virtual-machines/extensions/features-windows.md
@@ -248,6 +248,10 @@ Moving the **command to execute** property to the **protected** configuration se
 }
 ```
 
+On an Azure IaaS VM that uses extensions, in the certificates console, you might see certificates that have the subject **_Windows Azure CRP Certificate Generator_**. On a Classic RDFE VM, these certificates have the subject name **_Windows Azure Service Management for Extensions_**.
+
+These certificates secure the communication between the VM and its host during the transfer of protected settings (password, other credentials) used by extensions. The certificates are built by the Azure fabric controller and passed to the VM Agent. If you stop and start the VM every day, a new certificate might be created by the fabric controller. The certificate is stored in the computer's Personal certificates store. These certificates can be deleted. The VM Agent re-creates certificates if needed.
+
 ### How do agents and extensions get updated?
 
 The Agents and Extensions share the same update mechanism. Some updates do not require additional firewall rules.

Original file line number	Diff line number	Diff line change
`@@ -248,6 +248,10 @@ Moving the command to execute property to the protected configuration se`
`248`	`248`	`}`
`249`	`249`	```
`250`	`250`
	`251`	`+On an Azure IaaS VM that uses extensions, in the certificates console, you might see certificates that have the subject _Windows Azure CRP Certificate Generator_. On a Classic RDFE VM, these certificates have the subject name _Windows Azure Service Management for Extensions_.`
	`252`	`+`
	`253`	+These certificates secure the communication between the VM and its host during the transfer of protected settings (password, other credentials) used by extensions. The certificates are built by the Azure fabric controller and passed to the VM Agent. If you stop and start the VM every day, a new certificate might be created by the fabric controller. The certificate is stored in the computer's Personal certificates store. These certificates can be deleted. The VM Agent re-creates certificates if needed.
	`254`	`+`
`251`	`255`	`### How do agents and extensions get updated?`
`252`	`256`
`253`	`257`	`The Agents and Extensions share the same update mechanism. Some updates do not require additional firewall rules.`