Update the documentation pages

configuration/encryption-and-signing-credentials.html

@@ -135,6 +135,10 @@ Unlike ephemeral keys, development certificates are persisted - but not shared a
 </code></pre><div class="WARNING"><h5>Warning</h5><p>This feature is not available on .NET Framework 4.6.1: calling <code>options.AddDevelopmentEncryptionCertificate()</code> or <code>options.AddDevelopmentSigningCertificate()</code>
 will result in a <code>PlatformNotSupportedException</code> being thrown at runtime if no valid development certificate can be found and a new one must be generated.</p>
 </div>
+<div class="CAUTION"><h5>Caution</h5><p><code>options.AddDevelopmentEncryptionCertificate()</code> or <code>options.AddDevelopmentSigningCertificate()</code> cannot be used in applications deployed on IIS or Azure App Services:
+trying to use them on IIS or Azure App Services will result in an exception being thrown at runtime (unless the application pool is configured to load a user profile).
+To avoid that, consider creating self-signed certificates and storing them in the X.509 certificates store of the host machine(s).</p>
+</div>
 <h3 id="registering-a-key">Registering a key</h3>
 <p>To register a signing or encryption key, an instance of a <code>SecurityKey</code> - typically a <code>SymmetricSecurityKey</code> or a <code>RsaSecurityKey</code> -
 can be provided to the <code>options.AddSigningKey()</code>/<code>options.AddEncryptionKey()</code> methods:</p>