TechQA.

ServiceFabric Secrets encrypted with certificate inside X509FindValueSecondary

247 views Asked by At

I have an encrypted application secret.

In my ApplicationManifest I have specified the corresponding certificate to decrypt the secret:

<Certificates>
    <SecretsCertificate Name="MyCert" X509FindValue="1..." X509FindValueSecondary="2..." />
</Certificates>

My secret is actually encrypted with the 2... certificate, which I specified in X509FindValueSecondary. I thought that when it does not find the certificate of X509FindValue, in my case 1..., it will fall back to looking for the certificate in X509FindValueSecondary. This is what I thought "Secondary" means. However, my application does not start:

Failed to configure certificate permissions. Error FABRIC_E_CERTIFICATE_NOT_FOUND.

What is the difference between X509FindValue and X509FindValueSecondary?

certificate azure-service-fabric service-fabric-stateless
Original Q&A
1

There are 1 answers

0
Diego Mendes On BEST ANSWER

SecretsCertificate uses the same formatting for other certificate options like ServerCertificate, ClientCertificate and so on.

What is the difference between X509FindValue and X509FindValueSecondary?

Assuming they all work the same way, the idea of X509FindValueSecondary for ServerCertificate is to be used as a rollover approach, that means:

  • Load the first certificated, if it is valid, use it
  • if first certificate expires, try load the second

In both cases, the certificate must exist, because it requires to validate the expiration dates, if you plan to have just one, you should remove the secondary.

Related Questions in CERTIFICATE

Related Questions in AZURE-SERVICE-FABRIC

Related Questions in SERVICE-FABRIC-STATELESS

Popular Questions

Popular Tags

javascript python java c# php android html jquery c++ css ios sql mysql r reactjs node.js arrays c asp.net json python-3.x ruby-on-rails .net sql-server swift django angular objective-c pandas excel

Trending Questions