It would be nice to have some examples regarding the location of the Linux certificates. It mentions LocalComputer and My, but those are Windows locations. Does that correspond in some way to /etc/ssl?
Thanks for the feedback! We are currently investigating and will update you shortly.
@scott1138 When you create a VM, certificates and keys are stored in the protected /var/lib/waagent/ directory.
Please refer to this doc for more details: https://docs.microsoft.com/en-us/azure/virtual-machines/linux/tutorial-secure-web-server
I’m sorry, but I don’t see how that explains the use of certificateStoreName and certificateStoreLocation in the Key Vault Extension.
Property values

| Name | Value / Example | Data Type |
| --- | --- | --- |
| apiVersion | 2019-07-01 | date |
| publisher | Microsoft.Azure.KeyVault | string |
| type | KeyVaultForLinux | string |
| typeHandlerVersion | 1.0 | int |
| pollingIntervalInS | 3600 | string |
| certificateStoreName | MY | string |
| linkOnRenewal | false | boolean |
| certificateStoreLocation | LocalMachine | string |
| requiredInitialSync | true | boolean |
| observedCertificates | ["https://myvault.vault.azure.net/secrets/mycertificate"] | string array |
From: Karishma Tiwari - MSFT <notifications@github.com>
Sent: Wednesday, December 4, 2019 6:29 PM
Subject: Re: [MicrosoftDocs/azure-docs] Explain Linux cert locations (#43898)
When you create a VM, certificates and keys are stored in the protected /var/lib/waagent/ directory
Please refer to this doc for more details: https://docs.microsoft.com/en-us/azure/virtual-machines/linux/tutorial-secure-web-server
Looks like the doc needs to be updated with the information for Linux. I have assigned the issue to the content author to investigate further and update the document as appropriate.
CC: @msmbaldwin
Is there any progress on this? My team is also interested in using this extension, but without providing a proper location where to store the certificate locally, we cannot proceed. As mentioned above, the values listed for certificateStoreLocation should also support Linux OS setup logic, not Windows only.
Would like an update? Running into the same issue on Linux.
Give this a try:
"certificateStoreName": "/etc/ssl/certs",
"certificateStoreLocation": "/etc/ssl/certs",
Can confirm adding the above 2 lines works.
I've also updated the document:
"certificateStoreLocation":
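A check to run after pointing certificateStoreLocation at a shared path such as /etc/ssl/certs, added here as an example and not part of the original thread or the extension's own tooling: it lists files that hold a PEM private key and are readable by group or others. It assumes the downloaded certificates are PEM files that may carry the private key; the function names and sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a certificate store directory for exposed private keys.

# Print every regular file under $1 that is readable by group or others
# AND contains a PEM private-key header (PKCS#8, RSA, EC, ENCRYPTED ...).
find_exposed_keys() {
    dir=$1
    # -perm -040 / -004: group-read or other-read bit is set.
    # grep exits non-zero when nothing matches, so "|| true" keeps the
    # function usable under "set -e".
    find "$dir" -type f \( -perm -040 -o -perm -004 \) -exec \
        grep -l -e '-----BEGIN [A-Z ]*PRIVATE KEY-----' {} + || true
}

# Constructed sample: a temp directory standing in for the path configured
# in certificateStoreLocation. File bodies are placeholders, not key material.
make_sample_store() {
    store=$(mktemp -d)
    printf '%s\n' '-----BEGIN CERTIFICATE-----' 'constructed' \
        '-----END CERTIFICATE-----' > "$store/public.pem"
    printf '%s\n' '-----BEGIN PRIVATE KEY-----' 'constructed' \
        '-----END PRIVATE KEY-----' > "$store/open.pem"
    printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'constructed' \
        '-----END RSA PRIVATE KEY-----' > "$store/locked.pem"
    chmod 644 "$store/public.pem" "$store/open.pem"   # world-readable
    chmod 600 "$store/locked.pem"                     # owner only
    printf '%s\n' "$store"
}

# Usage: sh check_store.sh /etc/ssl/certs
# With no argument nothing is scanned (the functions are only defined).
[ "$#" -eq 0 ] || find_exposed_keys "$1"
```

Any path it prints is a private key that other local accounts can read; tightening the file to mode 600 or choosing a directory that only the consuming service can read clears the finding.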