Reputation: 1116
Servicefabric cluster certificate rollover and Add-AzServiceFabricClusterCertificate
I have a servicefabric cluster deployed (uses thumbprint not commonname), whose cluster certificate is close to expiring. I am a bit confused about the process for adding new certificate and making the rollover.
There is this article that sheds light on it https://learn.microsoft.com/en-us/azure/service-fabric/service-fabric-cluster-rollover-cert-cn
It mentions that using commonnames makes the process easier, but doesnt mention how commonname based rollover is easier?
I have also seen this command Add-AzServiceFabricClusterCertificate - This can create the certificate in Keyvault and update servicefabric cluster too.
My questions are:
- Is this a replacement for process described in the article above?
- Can this be used for certificate rollover?
- Once the new certificate is added is the rollover automatic?
Upvotes: 0
Views: 898
Answers (1)
Reputation: 1116
An update. This command (Add-AzServiceFabricClusterCertificate) did the trick. It updated the servicefabric cluster/vm scaleset and added a secondary certificate. I was able to swap the secondary and primary certificate as a second operation.
Upvotes: 0
Related Questions
- Service Fabric Local Cluster fails to get certificate(s) private key(s)
- Adding a client certificate to a single node service fabric cluster
- How to update Update X509 certificates for On-Premise Service Fabric cluster
- How to bind custom SSL certificate to Service Fabric cluster management endpoint?
- Service Fabric on premises Secure cluster using third party CA certificate
- How to upload Certificate in Service Fabric Cluster
- How many certificates are necessary for a secure Service Fabric cluster
- How to add a Certificate to an azure service fabric cluster vmset
- Install a certificate for a local cluster
- Install a certificate in a Service Fabric Cluster without a private key