4 posts tagged with "certificates"

In two previous posts I explained [how to setup TLS for a local Azure Service Fabric cluster][1] and [how to configure this for a cluster running on Azure][2]. In this post I describe how to setup client certificate authentication for the same API endpoint. Client certificate authentication requires that a client can only access the API with a client authentication certificate (certificate purpose [1.3.6.1.5.5.7.3.2][7]).

This is a follow-up to my [previous post][1] about getting TLS working on a local Azure Service Fabric cluster. This time I'm aiming for the real goal: running a custom API endpoint (micro-service) on a custom domain name behind https on a cluster running on Azure.

[Azure Service Fabric][1] is Microsofts [micro-services][2] platform. Well, it's actually more than that but that is all well-documented in other places on the interwebs.

It is relatively new and documentation is still a bit behind so I had some trouble in getting the following setup working:

• I want to run my production cluster on a domain name that is not the default. So instead of mycluster.westeurope.cloudapp.azure.com I want my-api.my-services.nl.
• The custom API endpoint that is exposed through my cluster should run on https and not the default http.

[Let's Encrypt][1] is a new certificate authority that provides free certificates for web server validation. It issues [domain-validated][2] (DV) certificates meaning that the certificate authority has proven that the requesting party has control over some DNS domain (more on that later). And the best thing: it's fully automated through an [API][4] and a [command-line client][3].

Free DV certificates seem to be the new trend nowadays with Symantec being the next player in the market [announcing][5] they're giving them away for free. Let's Encrypt issued their [first][7] certificate on September 14, 2015 and announced on March 8, 2016 that they were at one million after just three months in [public beta][8].