Permalink

Comparing changes

Choose two branches to see what’s changed or to start a new pull request. If you need to, you can also .

Open a pull request

Create a new pull request by comparing changes across two branches. If you need to, you can also .
Choose a Base Repository
MicrosoftDocs/azure-docs
crpietschmann/azure-docs
APiZFiBlockChain4/azure-docs
ARYANKAUSHIK/azure-docs
Angelaliu10/azure-docs
AnthonySteven/azure-docs
ArvindHarinder1/azure-docs
AzureSupport/azure-docs
Banani-Rath/azure-docs
BretStateham/azure-docs
CNXTEoEorg/azure-docs
CarlRabeler/azure-docs
DRediske/azure-docs
DaleKoetke/azure-docs
DieterRa/azure-docs
DuncanmaMSFT/azure-docs
Erikre/azure-docs
Gamlyn/azure-docs
JakobGSvendsen/azure-docs
Jolleyman/azure-docs
JulianoCristian/azure-docs
JuniorIce/azure-docs
KumudD/azure-docs
LuisCabrer/azure-docs
MaggiePucciEvans/azure-docs
MattAllison/azure-docs
MatthewMcGlynn/azure-docs
MeganYount/azure-docs
Meladie/azure-docs
MelissaALowe/azure-docs
MikkelHegn/azure-docs
PeterSelchDahl/azure-docs
RPangrle/azure-docs
Ryansoc/azure-docs
SanderBerkouwer/azure-docs
Security8technology/azure-docs
SmallRug/azure-docs
StephenWThomas/azure-docs
TomShinder/azure-docs
VKsai/azure-docs
Vashum/azure-docs
YoannGUILLO/azure-docs
YusufGarba/azure-docs
abhi004/azure-docs
adkinn/azure-docs
admingagan/azure-docs
aggFTW/azure-docs
ahgyger/azure-docs
ajith-k/azure-docs
alexandair/azure-docs
alkohli/azure-docs
alvarorahul/azure-docs
amitbapat/azure-docs
anavinahar/azure-docs
andreasgloor/azure-docs
andredm7/azure-docs
andreyse/azure-docs
andyjballgit/azure-docs
anthonychu/azure-docs
anwather/azure-docs
aoancea/azure-docs
arafato/azure-docs
ashishthaps/azure-docs
avranju/azure-docs
azuredatafactoryv2/azure-docs
baseif/azure-docs
becczhang/azure-docs
benilg/azure-docs
bjarnesl/azure-docs
brendalee/azure-docs
brendandburns/azure-docs
brunolewin-msft/azure-docs
bvanderb/azure-docs
chainoy/azure-docs
chongok88/azure-docs
cloudmelon/azure-docs
colemickens/azure-docs
ctolkien/azure-docs
cychua/azure-docs
damianotway/azure-docs
darrelmiller/azure-docs
davidmarek/azure-docs
davidmarekmsft/azure-docs
devlead/azure-docs
dfberry/azure-docs
dmitrykazakov/azure-docs
doneladams/azure-docs
dougvdotcom/azure-docs
dreijer/azure-docs
ejarvi/azure-docs
eloldag/azure-docs
enuysa-msft/azure-docs
ernestcr/azure-docs
fabiocav/azure-docs
fahey252/azure-docs
falabs/azure-docs
fashaikh/azure-docs
faxata/azure-docs
fenxu/azure-docs
fixx220/azure-docs
fleetzen/azure-docs
friism/azure-docs
ggailey777/azure-docs
giridham/azure-docs
gopitk/azure-docs
gusfraser/azure-docs
h0n/azure-docs
harishkunal88/azure-docs
haristauqir/azure-docs
hazwan90/azure-docs
hvredevoort/azure-docs
ilyas-it83/azure-docs
ishepherd/azure-docs
j-thomas-ucl/azure-docs
jaymathe/azure-docs
jboeshart/azure-docs
jeffhollan/azure-docs
jguadagno/azure-docs
jimdial/azure-docs
jimeilong/azure-docs
jkewley/azure-docs
johnthcall/azure-docs
jolleymd/azure-docs
jtucker/azure-docs
kencenerelli/azure-docs
kevinlam1/azure-docs
kevinvngo/azure-docs
kevinyr/azure-docs
khilscher/azure-docs
ksens/azure-docs
kwill-MSFT/azure-docs
kyddjamFoundation/azure-docs
laramume/azure-docs
larslind/azure-docs
lastcoolnameleft/azure-docs
leyasa/azure-docs
lzandman/azure-docs
mabicca/azure-docs
makhaly/azure-docs
manuaery/azure-docs
masnider/azure-docs
matt-softlogic/azure-docs
mayanknayar/azure-docs
miaojiang/azure-docs
micurd/azure-docs
mikeplavsky/azure-docs
mimig1/azure-docs
misteed-msft/azure-docs
mohamed-mrad/azure-docs
msmbaldwin/azure-docs
nathan-gs/azure-docs
nickarms/azure-docs
nromyn/azure-docs
obsoleted/azure-docs
oedenfield/azure-docs
ovishesh/azure-docs
p2horst/azure-docs
pavinan/azure-docs
pirminf/azure-docs
pollirrata/azure-docs
psignoret/azure-docs
qanon1111/azure-docs
qm31122016/azure-docs
rachel-msft/azure-docs
raiye/azure-docs
randycampbell/azure-docs
raymondlaghaeian/azure-docs
rboucher/azure-docs
rdtechie/azure-docs
rogeriorrodrigues/azure-docs
rverschuur/azure-docs
saipv/azure-docs
selhorn/azure-docs
sfilinto/azure-docs
sharonlo101/azure-docs
shashishailaj/azure-docs
shchoy/azure-docs
shrishrirang/azure-docs
simplesteph/azure-docs
soelu/azure-docs
stefanogiacco/azure-docs
steven-r/azure-docs
sujitks/azure-docs
symphonyeyc/azure-docs
tamiam/azure-docs
themacmarketer/azure-docs
themichaelbender/azure-docs
therciopo/azure-docs
thumperBIG/azure-docs
toyashwantsingh/azure-docs
tsubasaxZZZ/azure-docs
vitorfariatomaz/azure-docs
vkonev/azure-docs
vladimir-kotikov/azure-docs
voellm/azure-docs
vtango/azure-docs
vwxyzh/azure-docs
webash/azure-docs
wshirey/azure-docs
wyldebill/azure-docs
xstabel/azure-docs
Nothing to show
Choose a Head Repository
MicrosoftDocs/azure-docs
crpietschmann/azure-docs
APiZFiBlockChain4/azure-docs
ARYANKAUSHIK/azure-docs
Angelaliu10/azure-docs
AnthonySteven/azure-docs
ArvindHarinder1/azure-docs
AzureSupport/azure-docs
Banani-Rath/azure-docs
BretStateham/azure-docs
CNXTEoEorg/azure-docs
CarlRabeler/azure-docs
DRediske/azure-docs
DaleKoetke/azure-docs
DieterRa/azure-docs
DuncanmaMSFT/azure-docs
Erikre/azure-docs
Gamlyn/azure-docs
JakobGSvendsen/azure-docs
Jolleyman/azure-docs
JulianoCristian/azure-docs
JuniorIce/azure-docs
KumudD/azure-docs
LuisCabrer/azure-docs
MaggiePucciEvans/azure-docs
MattAllison/azure-docs
MatthewMcGlynn/azure-docs
MeganYount/azure-docs
Meladie/azure-docs
MelissaALowe/azure-docs
MikkelHegn/azure-docs
PeterSelchDahl/azure-docs
RPangrle/azure-docs
Ryansoc/azure-docs
SanderBerkouwer/azure-docs
Security8technology/azure-docs
SmallRug/azure-docs
StephenWThomas/azure-docs
TomShinder/azure-docs
VKsai/azure-docs
Vashum/azure-docs
YoannGUILLO/azure-docs
YusufGarba/azure-docs
abhi004/azure-docs
adkinn/azure-docs
admingagan/azure-docs
aggFTW/azure-docs
ahgyger/azure-docs
ajith-k/azure-docs
alexandair/azure-docs
alkohli/azure-docs
alvarorahul/azure-docs
amitbapat/azure-docs
anavinahar/azure-docs
andreasgloor/azure-docs
andredm7/azure-docs
andreyse/azure-docs
andyjballgit/azure-docs
anthonychu/azure-docs
anwather/azure-docs
aoancea/azure-docs
arafato/azure-docs
ashishthaps/azure-docs
avranju/azure-docs
azuredatafactoryv2/azure-docs
baseif/azure-docs
becczhang/azure-docs
benilg/azure-docs
bjarnesl/azure-docs
brendalee/azure-docs
brendandburns/azure-docs
brunolewin-msft/azure-docs
bvanderb/azure-docs
chainoy/azure-docs
chongok88/azure-docs
cloudmelon/azure-docs
colemickens/azure-docs
ctolkien/azure-docs
cychua/azure-docs
damianotway/azure-docs
darrelmiller/azure-docs
davidmarek/azure-docs
davidmarekmsft/azure-docs
devlead/azure-docs
dfberry/azure-docs
dmitrykazakov/azure-docs
doneladams/azure-docs
dougvdotcom/azure-docs
dreijer/azure-docs
ejarvi/azure-docs
eloldag/azure-docs
enuysa-msft/azure-docs
ernestcr/azure-docs
fabiocav/azure-docs
fahey252/azure-docs
falabs/azure-docs
fashaikh/azure-docs
faxata/azure-docs
fenxu/azure-docs
fixx220/azure-docs
fleetzen/azure-docs
friism/azure-docs
ggailey777/azure-docs
giridham/azure-docs
gopitk/azure-docs
gusfraser/azure-docs
h0n/azure-docs
harishkunal88/azure-docs
haristauqir/azure-docs
hazwan90/azure-docs
hvredevoort/azure-docs
ilyas-it83/azure-docs
ishepherd/azure-docs
j-thomas-ucl/azure-docs
jaymathe/azure-docs
jboeshart/azure-docs
jeffhollan/azure-docs
jguadagno/azure-docs
jimdial/azure-docs
jimeilong/azure-docs
jkewley/azure-docs
johnthcall/azure-docs
jolleymd/azure-docs
jtucker/azure-docs
kencenerelli/azure-docs
kevinlam1/azure-docs
kevinvngo/azure-docs
kevinyr/azure-docs
khilscher/azure-docs
ksens/azure-docs
kwill-MSFT/azure-docs
kyddjamFoundation/azure-docs
laramume/azure-docs
larslind/azure-docs
lastcoolnameleft/azure-docs
leyasa/azure-docs
lzandman/azure-docs
mabicca/azure-docs
makhaly/azure-docs
manuaery/azure-docs
masnider/azure-docs
matt-softlogic/azure-docs
mayanknayar/azure-docs
miaojiang/azure-docs
micurd/azure-docs
mikeplavsky/azure-docs
mimig1/azure-docs
misteed-msft/azure-docs
mohamed-mrad/azure-docs
msmbaldwin/azure-docs
nathan-gs/azure-docs
nickarms/azure-docs
nromyn/azure-docs
obsoleted/azure-docs
oedenfield/azure-docs
ovishesh/azure-docs
p2horst/azure-docs
pavinan/azure-docs
pirminf/azure-docs
pollirrata/azure-docs
psignoret/azure-docs
qanon1111/azure-docs
qm31122016/azure-docs
rachel-msft/azure-docs
raiye/azure-docs
randycampbell/azure-docs
raymondlaghaeian/azure-docs
rboucher/azure-docs
rdtechie/azure-docs
rogeriorrodrigues/azure-docs
rverschuur/azure-docs
saipv/azure-docs
selhorn/azure-docs
sfilinto/azure-docs
sharonlo101/azure-docs
shashishailaj/azure-docs
shchoy/azure-docs
shrishrirang/azure-docs
simplesteph/azure-docs
soelu/azure-docs
stefanogiacco/azure-docs
steven-r/azure-docs
sujitks/azure-docs
symphonyeyc/azure-docs
tamiam/azure-docs
themacmarketer/azure-docs
themichaelbender/azure-docs
therciopo/azure-docs
thumperBIG/azure-docs
toyashwantsingh/azure-docs
tsubasaxZZZ/azure-docs
vitorfariatomaz/azure-docs
vkonev/azure-docs
vladimir-kotikov/azure-docs
voellm/azure-docs
vtango/azure-docs
vwxyzh/azure-docs
webash/azure-docs
wshirey/azure-docs
wyldebill/azure-docs
xstabel/azure-docs
Nothing to show
  • 1 commit
  • 1 file changed
  • 0 commit comments
  • 1 contributor
Commits on Sep 07, 2018
Added recommendation about using SHA1 thumbprint.
Added recommendation about using SHA1 thumbprint. The documentation isn't very clear as to what SHA hash to generate / use for thumbprints. Azure KeyVault outputs SHA1 hashes for the certificates, and that's fine if you use those directly with Service Fabric. However, with self-generated, self-signed certificates it's important to use SHA1 for generating the thumbprint values to use, and the documentation doesn't mention SHA1 very clearly throughout. This is a cause of confusion since it could be assumed that SHA256 thumbprints would be ok, but they are not and you'll get HTTP 403 errors if you try to use them without any kind of warning as to specifically why. Adding mention of SHA1 should help those that are having issues, or even prevent them all together.
Showing with 1 addition and 0 deletions.
  1. +1 −0 articles/service-fabric/service-fabric-cluster-security.md
@@ -88,6 +88,7 @@ Some important things to consider:
* To create certificates for clusters that are running production workloads, use a correctly configured Windows Server certificate service, or one from an approved [certificate authority (CA)](https://en.wikipedia.org/wiki/Certificate_authority).
* Never use any temporary or test certificates that you create by using tools like MakeCert.exe in a production environment.
* You can use a self-signed certificate, but only in a test cluster. Do not use a self-signed certificate in production.
* When generating the certificate thumbprint, be sure to generate a SHA1 thumbprint. SHA1 is what's used when configuring the Client and Cluster certificate thumbprints.
### Cluster and server certificate (required)
These certificates (one primary and optionally a secondary) are required to secure a cluster and prevent unauthorized access to it. These certificates provide cluster and server authentication.

No commit comments for this range