KatoMan

Reputation: 99

HTTPS between Azure Service Fabric services

I have the following scenario:

  1. A stateless service with a self-hosted OWIN WebApi. This provides a RESTful client-facing API.
  2. A stateful service, again with a self-hosted OWIN WebApi.
  3. After locating the correct stateful service partition, the stateless service calls into the stateful service to access state. It does so via HTTP/HTTPS into the WebApi.

This configuration works fine running on the local cluster and an Azure cluster over HTTP. I'm running into problems though with HTTPS.

Using a self-signed cert I'm able to use HTTPS between the client and the stateless front-end service. However, I can't seem to get the configuration quite right to allow the stateless service to communicate with the stateful service over HTTPS.

I get an exception when the stateless service makes the request to the stateful service. "The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel." That has an inner exception of "The remote certificate is invalid according to the validation procedure".

I'm a bit fuzzy on security in Service Fabric, but have read through several articles, SO posts, blogs, etc. on the subject.

Here are my questions:

  1. At a high level, what is the proper way to secure interservice communication in my scenario?
  2. Is a self-signed cert supported in this scenario?

Upvotes: 0

Views: 982

Answers (1)

charisk

Reputation: 3190

Are the two services in the same cluster? If so, why not just call the stateful service from the stateless one using ServiceProxy?

You can use a self-signed certificate - the error you're seeing is not specific to Service Fabric. There are several ways to bypass it (although obviously it's not recommended to do that in production). Take a look at this SO question: C# Ignore certificate errors?

Upvotes: 0
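As an alternative to ignoring certificate errors, the stateless service can pin the stateful service's self-signed certificate and accept only that one. This is an added example, not code from the question or the answer. It assumes `HttpClientHandler.ServerCertificateCustomValidationCallback` is available (.NET Framework 4.7.1+ or .NET Core); the class name and the `PinnedSha256` placeholder are hypothetical.

```csharp
using System;
using System.Net.Http;
using System.Net.Security;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

public static class PinnedBackendClient
{
    // Placeholder: hex SHA-256 of the stateful service's DER-encoded certificate.
    private const string PinnedSha256 = "REPLACE_WITH_SHA256_OF_BACKEND_CERT";

    public static bool ValidateServerCertificate(X509Certificate2 cert, SslPolicyErrors errors)
    {
        // Certificate chains to a trusted root and the name matches: accept.
        if (errors == SslPolicyErrors.None) return true;
        if (cert == null) return false;

        // A self-signed certificate fails chain building. Tolerate only that
        // error; a name mismatch or a missing certificate is still rejected.
        if (errors != SslPolicyErrors.RemoteCertificateChainErrors) return false;

        // Chain errors also cover expiry, so check the validity period here.
        // NotBefore and NotAfter are returned in local time.
        DateTime now = DateTime.Now;
        if (now < cert.NotBefore || now > cert.NotAfter) return false;

        // Accept only the exact certificate that was pinned.
        using (SHA256 sha = SHA256.Create())
        {
            string actual = BitConverter.ToString(sha.ComputeHash(cert.RawData)).Replace("-", "");
            return string.Equals(actual, PinnedSha256, StringComparison.OrdinalIgnoreCase);
        }
    }

    public static HttpClient Create()
    {
        var handler = new HttpClientHandler
        {
            // Scoped to this handler only; other outbound HTTPS calls in the
            // process keep the default validation.
            ServerCertificateCustomValidationCallback =
                (request, cert, chain, errors) => ValidateServerCertificate(cert, errors)
        };
        return new HttpClient(handler);
    }
}
```

Because the callback is set on one handler rather than on `ServicePointManager`, the relaxed check applies only to calls made through this client.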
