All geek questions in one place

HTTPS endpoints do not work on the local Service Fabric cluster

I can start a stateless service in a local cluster cluster. However, when I add the https endpoint, activation fails.

I made the following changes:

ServiceManifest.xml:

<Endpoint Name="ServiceEndpoint" Type="Input" Protocol="https" Port="443" CertificateRef="my_api_cert" />

ApplicationManifest.xml:

 <Policies> <EndpointBindingPolicy EndpointRef="ServiceEndpoint" CertificateRef="my_api_cert" /> </Policies> <Certificates> <EndpointCertificate X509FindValue="[Api_SslCertHash]" Name="my_api_cert" /> </Certificates>

I downloaded the newly created certificate to the local computer \ My store too.

The following error occurs in the cluster manager:

Error event: SourceId = 'System.Hosting', property = 'Activation: 1.0: 1.0'. An error occurred during activation.

What could be the solution to this problem?

+6
source share
3 answers

I had the same problem and my problem was that I did not pass the correct fingerprint to ApplicationManifest.xml. Make sure your [Api_SslCertHash] has the correct cert fingerprint.

In EventViewer> Microsoft Service Fabric, I saw the following: Failed to configure the port certificate for the port: [my port], certificatefindvalue [my invalid certificate fingerprint], error 0x80070520

If you specify this error code on Google, you will see that it is related to SSL binding with IIS or something similar. To narrow it down to a certificate, and then I realized that I did not use the correct certificate.

Check if you missed something: http://ronaldwildenberg.com/running-an-azure-service-fabric-cluster-locally-on-ssl/ This link is a step-by-step guide on how to add https to the service fabric and you can use it as a checklist.

+2
source

As already mentioned, this can happen if the certificate thumbprint is incorrect. However, there is one specific reason that the fingerprint is wrong that it can be so frustrating to realize that it deserves its own answer.

I will quote TChiang phorego (Partner) from the MSDN forums (my attention):

The trick is that when copying the fingerprint from the store certificate, it comes with some hidden characters in front (when I place the cursor in front and press <- the cursor will not move forward on the left), so when you paste it into the manifest, SF cannot set provision of services. So just make sure you delete the hidden characters, and then it will be ok.

+1
source

Try adding the following to applicationmanifest.xml

  <ServiceManifestImport> <ServiceManifestRef ServiceManifestName="WebApiServicePkg" ServiceManifestVersion="1.0.0" /> <ConfigOverrides /> <Policies> <EndpointBindingPolicy CertificateRef="SslCert" EndpointRef="ServiceEndpoint" /> </Policies> </ServiceManifestImport> <Certificates> <EndpointCertificate Name="SslCert" X509FindValue="[SslCert_Thumbprint]" X509StoreName="My" /> </Certificates>
0
source

Source: https://habr.com/ru/post/1013356/

More articles:


All Articles