New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Added recommendation about using SHA1 thumbprint. #14674

Merged
merged 1 commit into from Sep 13, 2018

Conversation

Projects
None yet
5 participants
@crpietschmann
Contributor

crpietschmann commented Sep 7, 2018

Added recommendation about using SHA1 thumbprint. The documentation isn't very clear as to what SHA hash to generate / use for thumbprints. Azure KeyVault outputs SHA1 hashes for the certificates, and that's fine if you use those directly with Service Fabric. However, with self-generated, self-signed certificates it's important to use SHA1 for generating the thumbprint values to use, and the documentation doesn't mention SHA1 very clearly throughout. This is a cause of confusion since it could be assumed that SHA256 thumbprints would be ok, but they are not and you'll get HTTP 403 errors if you try to use them without any kind of warning as to specifically why. Adding mention of SHA1 should help those that are having issues, or even prevent them all together.

Added recommendation about using SHA1 thumbprint.
Added recommendation about using SHA1 thumbprint. The documentation isn't very clear as to what SHA hash to generate / use for thumbprints. Azure KeyVault outputs SHA1 hashes for the certificates, and that's fine if you use those directly with Service Fabric. However, with self-generated, self-signed certificates it's important to use SHA1 for generating the thumbprint values to use, and the documentation doesn't mention SHA1 very clearly throughout. This is a cause of confusion since it could be assumed that SHA256 thumbprints would be ok, but they are not and you'll get HTTP 403 errors if you try to use them without any kind of warning as to specifically why. Adding mention of SHA1 should help those that are having issues, or even prevent them all together.
@PRMerger6

This comment has been minimized.

Show comment
Hide comment
@PRMerger6

PRMerger6 Sep 7, 2018

Contributor

@crpietschmann : Thanks for your contribution! The author, @aljo-microsoft, has been notified to review your proposed change.

Contributor

PRMerger6 commented Sep 7, 2018

@crpietschmann : Thanks for your contribution! The author, @aljo-microsoft, has been notified to review your proposed change.

@aljo-microsoft

LGTM

@aljo-microsoft

This comment has been minimized.

Show comment
Hide comment
@aljo-microsoft

aljo-microsoft Sep 13, 2018

Contributor

#sign-off

Contributor

aljo-microsoft commented Sep 13, 2018

#sign-off

@GitHubber17 GitHubber17 merged commit 7d50c9b into MicrosoftDocs:master Sep 13, 2018

1 check passed

license/cla All CLA requirements met.

@crpietschmann crpietschmann deleted the crpietschmann:patch-3 branch Sep 13, 2018

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment