I guess that the thumbprint and the common name provided in the sample are just dummy data to so you won't have to post the real values here? However, the problem might be just this, if you run this with the real values do you still get the same exception?
E.g.
string thumb = "1234567890123456789012345678901234567890";
string CommonName = "somefabric.cloudapp.azure.com";
string connection = "somefabric.cloudapp.azure.com:19000";
try
{
X509Credentials xc = GetCredentials(thumb, thumb, CommonName);
FabricClient fc = new FabricClient(xc, connection);
Console.WriteLine("Cluster is connected");
}
catch (Exception e)
{
Console.WriteLine(e.Message);
}
This will throw the exception The X509 thumbprint specified is invalid.. If you change it to the same as in the Microsoft sample however:
string clientCertThumb = "71DE04467C9ED0544D021098BCD44C71E183414E";
string serverCertThumb = "A8136758F4AB8962AF2BF3F27921BE1DF67F4326";
string CommonName = "www.clustername.westus.azure.com";
string connection = "somefabric.westus.cloudapp.azure.com:19000";
try
{
X509Credentials xc = GetCredentials(clientCertThumb, serverCertThumb, CommonName);
FabricClient fc = new FabricClient(xc, connection);
Console.WriteLine("Cluster is connected");
}
catch (Exception e)
{
Console.WriteLine(e.Message);
}
You will now instead get the an exception stating An error occurred during this operation. Please check the trace logs for more details.. You get this error because the cluster somefabric.westus.cloudapp.azure.com doesn't exist and you cannot connect to that address with the FabricClient, but the certificate thumbprint is recognized as a thumbprint.
Substituting this for the actual thumbprints, Common Name and connection to your cluster will work.
Detailed explanation:
Somewhere in the underlying code Service Fabric actually validates your certificate thumbprint. The thumbprint for the certificate in this case is a SHA-1 hash of the certificate (usually of the entire certificate's contents in der format), it is very unlikely that one would end up with 1234567890123456789012345678901234567890 as the actual hash. Here is a nice blog entry explaining more about the anatomy of a certificate thumbprint.
Also, you should not use the same certificate for the client security as for the cluster security:
https://docs.microsoft.com/en-us/azure/service-fabric/service-fabric-cluster-security (see the Note at the end of the article).
All management operations on a Service Fabric cluster require server certificates. Client certificates cannot be used for management.
Checking the certificates
The cluster's certificate should be the one you provided when you created the cluster the first time. You should be able to find it in the Key Vault that holds it. You can also check the thumbnail for it by finding the Cluster resource in the Azure Portal. Click Security under your cluster resource.
The field that says Primary certificate shows the thumbnail you could expect from the cluster when connecting to it.
When you connect to the Service Fabric Explorer (usually at port 19080) you can also view it if you check certificate provided for the HTTPS connection. If you the click details for the certificate you should see the thumbprint among the properties of the certificate.
Before you are allowed access, the browser will ask you for your client certificate, at this point you can provide the certificate that should be located on your computer.
After that you should be able to view the certificate details by looking att the security for the page in your browser.
You can find your local certificate in Windows if you open Manage User Certificates, here you should be able to find the certificate that you wan't to use under Personal/Certificates. The thumbnail found under details should similarly be the same thumbnail that you present in your code. It should also be present in the list of Client Certificates in the Azure portal when viewing the cluster security. If it is not there, you need to add it. After Azure finished updating the security of your cluster you should be able to connect with that certificate.
