Cluster certificate and SSL certificate in Production service fabric

  • Question

  • Hi,

    I was using separate self-signed certificates for cluster authentication and SSL. Now I am deploying my application in a production environment; can you please suggest what approach I should follow for Production?

    Is it possible to use my domain wildcard certificate for both cluster authentication and SSL? Can anybody please suggest if it would be a better idea?

    Monday, October 22, 2018 8:58 AM

Answers

  • Hello Uma!

    It is certainly feasible to use the same cert. It should work normally on each - but do keep in mind that does mean that if the certificate is compromised it will compromise the security to both instead of just one or the other.

    Tuesday, October 23, 2018 6:58 PM

All replies

  • Hi Uma,

    The certificate for securing a Service Fabric cluster is required for cluster authentication. In addition to this, the certificate also provides SSL for the HTTPS management API and for Service Fabric Explorer over HTTPS.  For your reference, please refer to the following guide on cluster certificates: https://docs.microsoft.com/en-us/azure/service-fabric/service-fabric-cluster-security#cluster-and-server-certificate-required

    In relation to deploying your application and cluster to Production, I would recommend the following Production readiness checklist guide: https://docs.microsoft.com/en-us/azure/service-fabric/service-fabric-production-readiness-checklist

    • Proposed as answer by robrien-MSFT Monday, October 22, 2018 11:53 AM
    • Unproposed as answer by WyattHavron-MSFT Tuesday, October 23, 2018 6:58 PM
    Monday, October 22, 2018 11:53 AM
  • Thanks for the reply.

    Here SSL means SSL for my web API endpoint, which I am providing using this documentation.

    https://docs.microsoft.com/en-us/azure/service-fabric/service-fabric-tutorial-dotnet-app-enable-https-endpoint

    So, my question is: is it feasible to use the same certificate for both cluster authentication and SSL for the API endpoint?

    Ex: I have a certificate with a DNS name like "*.mydomain.com".

    My cluster endpoint is sfc.mydomain.com

    and my API endpoint is like sfc.mydomain.com/api/

    Monday, October 22, 2018 12:14 PM