Changing from using a certificate thumbprint to a common name in a service fabric cluster

Toby Marshall

Traditionally, the SSL certificate (the certificate used to secure your Service Fabric cluster) is referenced in Microsoft Azure by its certificate thumbprint, the unique identifier of the certificate in the form of a hash value computed over the complete certificate.

The problem with this is that whenever the SSL certificate has to be updated in the Service Fabric cluster (most likely because the certificate is about to expire or has expired), the new certificate will have a different thumbprint than the one referenced in the Service Fabric cluster. This means either a complicated and difficult change to Service Fabric's configuration or even a complete rebuild of the entire cluster! Switching the cluster to the common name means that you can just issue a new signed certificate with the same common name, and Service Fabric will pick up the certificate automatically with no major work on the developer's end.

To change from thumbprint to common name, you first have to get a valid certificate from a certificate authority (self-signed certificates are NOT supported by Microsoft Azure). This certificate then needs to be deployed to both the key vault and the virtual machine scale set. The best way to add it to the key vault is to create and run a PowerShell script that adds the certificate to the key vault:

[Image: PowerShell script adding the certificate to the key vault]

[This is an example of adding to an existing key vault. If it does not exist, you would have to create the key vault first.]

Once this is done, you will have to install the same certificate onto the virtual machine scale sets. You could either add a step in the ARM template to install it to the scale set or create a simple PowerShell script to install it. Both would work, though installing through the ARM template is much better practice, as it increases automation and allows more scale sets to be spun up with ease.

Next, open the ARM template file for the cluster (used for deployment of the cluster to an environment) and, in the parameters section, remove the certificate thumbprint and then add:

[Image: the certificateCommonName parameter added to the ARM template]

This will allow you to add the common name during deployment via Azure DevOps with a new parameter called certificateCommonName. The process to install the certificate on the virtual machine scale set via the ARM template (the preferred method) involves going into the Microsoft.Compute/virtualMachineScaleSets section and removing the thumbprint section.

[Image: the certificate section of the Microsoft.Compute/virtualMachineScaleSets resource]

As a final change in the ARM template, at the Microsoft.ServiceFabric/clusters section, update the API version to 2018-02-01, add a certificateCommonNames setting with a commonNames property, and remove the certificate setting (with the thumbprint property).
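A pre-deployment check for the template edits described above, as an added example that is not part of the original post: it scans an ARM template for thumbprint references left behind in the scale set extension or the cluster resource. The embedded template is constructed and trimmed; the resource names, the `x509StoreName` value and the `certificateIssuerThumbprint` field are assumptions not shown on this page.

```python
import json

# Constructed, trimmed ARM template in the post-migration shape (not the author's template).
MIGRATED = json.loads("""
{"resources": [
  {"type": "Microsoft.Compute/virtualMachineScaleSets", "name": "nt1vm",
   "properties": {"virtualMachineProfile": {"extensionProfile": {"extensions": [
     {"name": "ServiceFabricNode", "properties": {"type": "ServiceFabricNode",
      "settings": {"certificate": {
        "commonNames": ["[parameters('certificateCommonName')]"],
        "x509StoreName": "My"}}}}]}}}},
  {"type": "Microsoft.ServiceFabric/clusters", "apiVersion": "2018-02-01", "name": "sfc",
   "properties": {"certificateCommonNames": {
     "commonNames": [{"certificateCommonName": "[parameters('certificateCommonName')]",
                      "certificateIssuerThumbprint": ""}],
     "x509StoreName": "My"}}}
]}
""")

def thumbprint_leftovers(template):
    """Return findings for resources still pinned to a certificate thumbprint."""
    findings = []
    for res in template.get("resources", []):
        rtype, name = res.get("type", "").lower(), res.get("name", "?")
        props = res.get("properties", {})
        if rtype == "microsoft.compute/virtualmachinescalesets":
            exts = (props.get("virtualMachineProfile", {})
                         .get("extensionProfile", {}).get("extensions", []))
            for ext in exts:
                cert = ext.get("properties", {}).get("settings", {}).get("certificate")
                if cert is None:
                    continue  # extension carries no certificate settings
                if "thumbprint" in cert:
                    findings.append(f"{name}: extension still sets certificate.thumbprint")
                if not cert.get("commonNames"):
                    findings.append(f"{name}: extension has no certificate.commonNames")
        elif rtype == "microsoft.servicefabric/clusters":
            if "certificate" in props:
                findings.append(f"{name}: cluster still has the thumbprint 'certificate' setting")
            if not props.get("certificateCommonNames", {}).get("commonNames"):
                findings.append(f"{name}: cluster has no certificateCommonNames.commonNames")
            if res.get("apiVersion", "") < "2018-02-01":
                findings.append(f"{name}: apiVersion older than 2018-02-01")
    return findings

if __name__ == "__main__":
    print(thumbprint_leftovers(MIGRATED) or "no thumbprint references left")
```

Run it against the real template with `json.load` in a pipeline step and fail the build when the returned list is not empty.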

Once this is all done, just redeploy the ARM template to the environment and it will have the new certificate. Any future certificate change will then only require a simple redeploy with the new certificate as the parameter on top of the existing one, rather than a complete rebuild and remake of the system.
