I am trying to wrap my head around how many certificates I will need for Service Fabric. I have read quite a lot from the product team, and it was very useful; now I'm trying to translate this into what I really need in order to pursue the following goals:
- Create a secure cluster with AAD authentication (I understand the AAD part well)
- Enable HTTPS / SSL communication for a stand-alone Web API that will be in the cluster
- Access Service Fabric Explorer via HTTPS without certificate errors
To create a secure cluster, I need a valid certificate that will require its own domain name.
Build a Service Fabric cluster in Azure with Azure Resource Manager
- The certificate must contain a private key.
- The certificate must be created for key exchange, exported to a Personal Information File (.pfx).
- The subject name of the certificate must match the domain used to access the Service Fabric cluster. This specification should provide SSL for the cluster's HTTPS management endpoints and Service Fabric Explorer. You cannot obtain an SSL certificate from a certificate authority (CA) for the .cloudapp.azure.com domain. You must purchase a custom domain name for your cluster. When you request a certificate from a certificate authority, the name of the certificate subject must match the domain name used for your cluster.
Based on this, would it be correct to assume that in order to achieve the goals described above, I need only one certificate and a custom domain?
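
A pre-flight check of a .pfx against the three requirements quoted above, as an added example that is not part of the original post or of the Service Fabric documentation. The parameter names and the sample domain are hypothetical, and treating the KeyEncipherment key-usage flag as evidence of "created for key exchange" is an assumption of this sketch.

```powershell
# Added example. Usage (constructed values):
#   .\Test-ClusterCert.ps1 -PfxPath .\cluster.pfx -ClusterDomain mycluster.contoso.com `
#       -PfxPassword (Read-Host -AsSecureString)
param(
    [Parameter(Mandatory)] [string]       $PfxPath,
    [Parameter(Mandatory)] [string]       $ClusterDomain,
    [Parameter(Mandatory)] [securestring] $PfxPassword
)

# Resolve first: .NET's working directory can differ from PowerShell's location.
$fullPath = (Resolve-Path -LiteralPath $PfxPath).Path
$cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($fullPath, $PfxPassword)

# Requirement 1: the certificate must carry its private key.
$hasKey = $cert.HasPrivateKey

# Requirement 2 (approximation, see lead-in): if a key usage extension is present,
# it should allow key encipherment. No extension means usage is unrestricted.
$ku = $cert.Extensions | Where-Object {
    $_ -is [System.Security.Cryptography.X509Certificates.X509KeyUsageExtension] }
$keyExchangeOk = (-not $ku) -or $ku.KeyUsages.HasFlag(
    [System.Security.Cryptography.X509Certificates.X509KeyUsageFlags]::KeyEncipherment)

# Requirement 3: subject CN or a SAN DNS entry must match the cluster domain.
$names = @($cert.GetNameInfo('SimpleName', $false))
$san = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
if ($san) {
    # Format() renders "DNS Name=..." on Windows and "DNS:..." elsewhere.
    $names += [regex]::Matches($san.Format($false), '(?:DNS Name=|DNS:)([^,\s]+)') |
        ForEach-Object { $_.Groups[1].Value }
}
# A wildcard covers exactly one leftmost label: a.contoso.com -> *.contoso.com
$wildcardForm = $ClusterDomain -replace '^[^.]+', '*'
$nameMatches  = ($names -contains $ClusterDomain) -or ($names -contains $wildcardForm)

# The quoted text says a CA will not issue for the Azure-owned domain.
$isCustomDomain = -not $ClusterDomain.EndsWith('.cloudapp.azure.com',
    [System.StringComparison]::OrdinalIgnoreCase)

[pscustomobject]@{
    Subject        = $cert.Subject
    NamesInCert    = $names -join ', '
    HasPrivateKey  = $hasKey
    KeyExchangeOk  = $keyExchangeOk
    NameMatches    = $nameMatches
    IsCustomDomain = $isCustomDomain
    NotAfter       = $cert.NotAfter
    ReadyToUse     = $hasKey -and $keyExchangeOk -and $nameMatches -and $isCustomDomain
}
```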