5
votes

I'm trying to wrap my brain around how many certificates I'm going to need for service fabric. I've read quite a bit from the product team and that's been really helpful, now I'm trying to distill that down to what I actually need given the following goals:

  1. Create a secure cluster with AAD authentication (I'm good with the AAD part)
  2. Enable communication over HTTPS/SSL for self-hosted web api that will reside on the cluster
  3. Access service fabric explorer over HTTPS without certificate errors

In order to create a secure cluster I'll need a valid certificate which will require a custom domain name.

Create a Service Fabric cluster in Azure using Azure Resource Manager

  • The certificate must contain a private key.
  • The certificate must be created for key exchange, exportable to a Personal Information Exchange (.pfx) file.
  • The certificate's subject name must match the domain used to access the Service Fabric cluster. This matching is required to provide SSL for the cluster's HTTPS management endpoints and Service Fabric Explorer. You cannot obtain an SSL certificate from a certificate authority (CA) for the .cloudapp.azure.com domain. You must acquire a custom domain name for your cluster. When you request a certificate from a CA, the certificate's subject name must match the custom domain name used for your cluster.

Based on that, would it be correct to assume that I only need one cert and a custom domain to achieve the goals outlined above?

I'd like to follow any best practices on this, so if I'm in error, please provide feedback.


1 Answer

4
votes

AAD takes care of your client-to-node security, so the only certificate you'll need would be a Server certificate for node-to-node security. This is what they seem to recommend here as well, so you should be on the right track.
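As an added illustration of the single server certificate discussed above (this is not code from the question, the answer or Microsoft's documentation): the script below creates one self-signed certificate for a placeholder custom domain, exports it to a .pfx that carries the private key, and checks it against the requirements quoted in the question. The domain name, scratch directory and PFX password are assumptions, and openssl 1.1.1 or newer is assumed to be on PATH.

```shell
#!/bin/sh
# Added example, not code from the question, the answer or Microsoft's docs.
# Creates ONE self-signed server certificate for a placeholder custom domain,
# exports it to a .pfx that carries the private key, and checks the requirements
# quoted in the question: private key present, .pfx export, subject = domain.
# Assumptions: openssl (1.1.1+) on PATH; DOMAIN, WORKDIR and PFX_PASSWORD are
# placeholders, not values from the page.
set -eu

DOMAIN="${DOMAIN:-sf.example.com}"          # placeholder custom domain
WORKDIR="${WORKDIR:-$(mktemp -d)}"          # scratch directory for key/cert/pfx
PFX_PASSWORD="${PFX_PASSWORD:-changeit}"    # constructed sample password

# Generate an RSA key and a self-signed cert whose subject CN and SAN are the
# custom domain, then bundle key and cert into a PKCS#12 (.pfx) file.
make_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
        -subj "/CN=${DOMAIN}" -addext "subjectAltName=DNS:${DOMAIN}" \
        -keyout "${WORKDIR}/sf.key" -out "${WORKDIR}/sf.crt" 2>/dev/null
    openssl pkcs12 -export -inkey "${WORKDIR}/sf.key" -in "${WORKDIR}/sf.crt" \
        -out "${WORKDIR}/sf.pfx" -passout "pass:${PFX_PASSWORD}"
}

# Print the subject CN of the certificate stored in the PFX.
pfx_subject_cn() {
    openssl pkcs12 -in "${WORKDIR}/sf.pfx" -passin "pass:${PFX_PASSWORD}" \
        -nokeys -clcerts 2>/dev/null \
      | openssl x509 -noout -subject -nameopt RFC2253 \
      | sed -n 's/.*CN=\([^,]*\).*/\1/p'
}

# Succeed only if the PFX contains a private key (first requirement).
pfx_has_private_key() {
    openssl pkcs12 -in "${WORKDIR}/sf.pfx" -passin "pass:${PFX_PASSWORD}" \
        -nocerts -nodes 2>/dev/null | grep -q 'PRIVATE KEY'
}

# Succeed only if the subject name matches the custom domain (third requirement).
pfx_matches_domain() {
    [ "$(pfx_subject_cn)" = "$DOMAIN" ]
}

make_cert
if pfx_has_private_key && pfx_matches_domain; then
    echo "OK: ${WORKDIR}/sf.pfx carries a private key for CN=$(pfx_subject_cn)"
else
    echo "FAIL: ${WORKDIR}/sf.pfx does not meet the certificate requirements" >&2
    exit 1
fi
```

For a real cluster the .pfx would come from a CA for the custom domain rather than being self-signed, but the same three checks apply to it.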