SSL: Upgrading client certificates in Service Fabric
The cluster configuration has a "ThumbprintSecondary" property for the cluster and server certificates to support rolling upgrades of the certificates. How do I upgrade the client certificates?

"CertificateInformation": {
    "ClusterCertificate": {
        "Thumbprint": "[Thumbprint]",
        "ThumbprintSecondary": "[Thumbprint]",
        "X509StoreName": "My"
    },
    "ServerCertificate": {
        "Thumbprint": "[Thumbprint]",
        "ThumbprintSecondary": "[Thumbprint]",
        "X509StoreName": "My"
    },
    "ClientCertificateThumbprints": [
        {
            "CertificateThumbprint": "[Thumbprint]",
            "IsAdmin": false
        },
        {
            "CertificateThumbprint": "[Thumbprint]",
            "IsAdmin": true
        }
    ],
    "ClientCertificateCommonNames": [
        {
            "CertificateCommonName": "[CertificateCommonName]",
            "CertificateIssuerThumbprint": "[Thumbprint]",
            "IsAdmin": true
        }
    ]
}

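There is no rolling process for client certificates. You simply update the list of recognized certificate thumbprints: remove the thumbprints of the clients whose access you want to cut off, and add the new thumbprints.

Since only the thumbprints, not the actual certificates, are rolled out and installed on all nodes, the process is a bit faster than changing the cluster certificate.

If you are changing several thumbprints at the same time, I recommend deploying an ARM template with the updated list of allowed thumbprints, because every change in the portal triggers an update of the Service Fabric nodes, which does take some time. If you update the whole list in the ARM template, it ends up as just one update operation.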
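
The list update described in the answer, as an added example (not part of the original answer and not Service Fabric tooling): a Python helper that builds the new ClientCertificateThumbprints array in one pass, so the removals and additions can be deployed together as a single change. The function names, the sample thumbprints and the "keep at least one admin" check are assumptions of this example.

```python
import json
import re

# Constructed sample values; the page only shows "[Thumbprint]" placeholders.
OLD_ADMIN = "2" * 40
SAMPLE = {
    "ClientCertificateThumbprints": [
        {"CertificateThumbprint": "1" * 40, "IsAdmin": False},
        {"CertificateThumbprint": OLD_ADMIN, "IsAdmin": True},
    ],
    "ClientCertificateCommonNames": [],
}

def normalize(thumbprint):
    """Drop whitespace and the invisible U+200E/U+200F marks that often come
    along when a thumbprint is copied from the Windows certificate dialog,
    then require exactly 40 hex digits (a SHA-1 thumbprint)."""
    cleaned = re.sub(r"[\s\u200e\u200f]", "", thumbprint).upper()
    if not re.fullmatch(r"[0-9A-F]{40}", cleaned):
        raise ValueError(f"not a SHA-1 thumbprint: {thumbprint!r}")
    return cleaned

def rotate_client_thumbprints(cert_info, add=(), remove=()):
    """Return the new ClientCertificateThumbprints list without touching the input.
    add: (thumbprint, is_admin) pairs; remove: thumbprints to cut off."""
    revoked = {normalize(t) for t in remove}
    merged = {}  # thumbprint -> IsAdmin, keeps order and removes duplicates
    for entry in cert_info.get("ClientCertificateThumbprints", []):
        tp = normalize(entry["CertificateThumbprint"])
        if tp not in revoked:
            merged[tp] = bool(entry["IsAdmin"])
    for tp, is_admin in add:
        tp = normalize(tp)
        if tp in revoked:
            raise ValueError(f"{tp} is listed for both add and remove")
        merged[tp] = bool(is_admin)
    # Safety check chosen for this example (not a Service Fabric rule):
    # refuse a change that leaves no admin client identity at all.
    cn_admin = any(e.get("IsAdmin") for e in cert_info.get("ClientCertificateCommonNames", []))
    if not cn_admin and not any(merged.values()):
        raise ValueError("rotation would leave no admin client certificate")
    return [{"CertificateThumbprint": t, "IsAdmin": a} for t, a in merged.items()]

if __name__ == "__main__":
    new_admin = "\u200e" + " ".join(["ab"] * 20)  # as pasted, with debris
    updated = rotate_client_thumbprints(SAMPLE, add=[(new_admin, True)], remove=[OLD_ADMIN])
    print(json.dumps({"ClientCertificateThumbprints": updated}, indent=2))
```

The returned list replaces the whole ClientCertificateThumbprints array in the template or cluster configuration before deployment.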