Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Question
Monday, June 12, 2017 7:50 AM
On multiple (if not all) virtual machines hosted on our Azure environment there's a certificate named 'Windows Azure CRP Certificate Generator' which is about to expire. There's also another certificate with the exact same name, but with a longer expiration date.
If I understand correctly this certificate is used for Microsoft's services and managing the VM. But since we also use SCOM to monitor these VM's, some monitors are reporting the almost expired certificates.
Is it safe to remove these certificate since there's a newer one already present? Or is there any way we can check if the older certificate is still in use?
All replies (6)
Monday, September 3, 2018 12:04 PM âś…Answered
Sorry for not checking back in a while, but on multiple VMs we actualy removed the certificate that was about to expire (and a second certificate with a longer expiration date was present) and nothing bad happened. So I think it's safe to say it shouldn't be a problem to remove the certificate.
Tuesday, June 13, 2017 4:19 AM
I just spun up an Azure VM with Windows 2016 Server OS marketplace image and I don't see that certificate installed. Could you verify what authority has issued that certificate. Also, have all your VMs been installed using the available Azure marketplace image or are they from a custom image?
Tuesday, June 13, 2017 7:36 AM
Thanks for your reply. The server runs a custom image of Windows Server 2012 R2. The certificate's issuer is 'Windows Azure CRP Certificate Generator' and (if it helps) the friendly name is 'TenantEncryptionCert'. I can't check the CA Root certificate since it's not available and is therefore marked as not trusted.
Monday, July 3, 2017 4:46 AM
I tried checking on this a bit more and found that this certificate gets re-generated once it is deleted. Have you already deleted the older certificates? If so, did it cause any issues?
Do click on "Mark as Answer" on the post that helps you, this can be beneficial to other community members.
Monday, September 3, 2018 9:20 AM
Guys did you solve this ? I have same issue, 2 Windows Azure CRP Certificate Generator certificates, I got alert that one is going to expire this month. Can I just delete it, if second certificate has longer expiration date?
Monday, September 3, 2018 2:34 PM
Thanks for the quick response! :)