Make certificateUrl optional for HTTPS WinRM
Requiring that I either generate a certificate for every VM before I create the VM or use the same certificate for HTTPS configuration of WinRM is not ideal (you can't ever change the reference certificateUrl after creating the VM, and it has to reference a specific secret version).
Please auto-generate a self-signed certificate if the certificateUrl is ommitted.
It should be as simple as SSH on Linux VMs which is auto-configured on first boot!
And be able to update the certificate after creating the VM.
Because at this time when you change the certificate you cant deploy anymore and so you can't update the winrm certificate if it's expired.