I have an encrypted application secret.
In my ApplicationManifest I have specified the corresponding certificate to decrypt the secret:

<Certificates>
  <SecretsCertificate Name="MyCert" X509FindValue="1..." X509FindValueSecondary="2..." />
</Certificates>

My secret is actually encrypted with the 2... certificate, which I specified in X509FindValueSecondary. I thought that when it does not find the certificate of X509FindValue, in my case 1..., it will fall back to looking for the certificate in X509FindValueSecondary. This is what I thought "Secondary" means.

However, my application does not start:

Failed to configure certificate permissions. Error FABRIC_E_CERTIFICATE_NOT_FOUND.

What is the difference between X509FindValue and X509FindValueSecondary?
SecretsCertificate uses the same formatting as other certificate options like ServerCertificate, ClientCertificate and so on. Assuming they all work the same way, the idea of X509FindValueSecondary for ServerCertificate is to be used as a rollover approach, that means:

In both cases, the certificate must exist, because it needs to validate the expiration dates; if you plan to have just one, you should remove the secondary.
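Since both find values must resolve to an installed certificate, a pre-deployment check catches this before Service Fabric reports FABRIC_E_CERTIFICATE_NOT_FOUND. The script below is an added example, not code from the question or the answer; it assumes the find values are thumbprints (the default X509FindType) and that the certificates are in Cert:\LocalMachine\My, and the manifest path is a placeholder.

```powershell
# Added example: verify that every SecretsCertificate find value in an
# ApplicationManifest.xml resolves to an installed, unexpired certificate.
# Assumptions: thumbprint find values, certificates in Cert:\LocalMachine\My.
param(
    [string]$ManifestPath = '.\ApplicationManifest.xml',  # placeholder path
    [string]$StorePath    = 'Cert:\LocalMachine\My'       # assumed store
)

[xml]$manifest = Get-Content -Path $ManifestPath
$installed = Get-ChildItem -Path $StorePath

# Namespace-agnostic lookup so it works with or without the Service Fabric
# namespace declared on the manifest root.
$secretsCerts = $manifest.SelectNodes('//*[local-name()="SecretsCertificate"]')

foreach ($cert in $secretsCerts) {
    $name     = $cert.GetAttribute('Name')
    $findType = $cert.GetAttribute('X509FindType')
    if ($findType -and $findType -ne 'FindByThumbprint') {
        Write-Warning ("{0}: X509FindType={1} is not a thumbprint lookup; skipped" -f $name, $findType)
        continue
    }

    # Both attributes are checked: Service Fabric requires the secondary
    # certificate to be present too, it is not a fallback.
    foreach ($attr in 'X509FindValue', 'X509FindValueSecondary') {
        $thumb = $cert.GetAttribute($attr)
        if ([string]::IsNullOrWhiteSpace($thumb)) { continue }
        $thumb = ($thumb -replace '\s', '').ToUpperInvariant()

        $match = $installed | Where-Object { $_.Thumbprint -eq $thumb } | Select-Object -First 1
        if ($null -eq $match) {
            $msg = "{0}: {1}={2} not found in {3}; the service would fail with FABRIC_E_CERTIFICATE_NOT_FOUND"
            Write-Warning ($msg -f $name, $attr, $thumb, $StorePath)
        } elseif ($match.NotAfter -lt (Get-Date)) {
            Write-Warning ("{0}: {1}={2} is expired (NotAfter {3})" -f $name, $attr, $thumb, $match.NotAfter)
        } else {
            Write-Output ("{0}: {1}={2} OK, expires {3}" -f $name, $attr, $thumb, $match.NotAfter)
        }
    }
}
```

Run it on the node (or in the build pipeline against the target store) before deploying; a warning for either attribute means the manifest needs a present certificate or the secondary entry removed, as the answer above says.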