In two previous posts I explained [how to set up TLS for a local Azure Service Fabric cluster][1] and [how to configure this for a cluster running on Azure][2]. In this post I describe how to set up client certificate authentication for the same API endpoint. Client certificate authentication means that a client can only access the API with a client authentication certificate (certificate purpose [1.3.6.1.5.5.7.3.2][7]).
4 posts tagged with "certificates"
Custom domain name and certificate for your Azure Service Fabric cluster
This is a follow-up to my [previous post][1] about getting TLS working on a local Azure Service Fabric cluster. This time I'm aiming for the real goal: running a custom API endpoint (micro-service) on a custom domain name behind https on a cluster running on Azure.
Running a local Azure Service Fabric cluster on SSL/TLS
[Azure Service Fabric][1] is Microsoft's [micro-services][2] platform. Well, it's actually more than that but that is all well-documented in other places on the interwebs.
It is relatively new and documentation is still a bit behind so I had some trouble in getting the following setup working:
- I want to run my production cluster on a domain name that is not the default. So instead of `mycluster.westeurope.cloudapp.azure.com` I want `my-api.my-services.nl`.
- The custom API endpoint that is exposed through my cluster should run on `https` and not the default `http`.
Let's Encrypt certificates for ASP.NET Core on Azure
[Let's Encrypt][1] is a new certificate authority that provides free certificates for web server validation. It issues [domain-validated][2] (DV) certificates, meaning that the certificate authority has proven that the requesting party has control over some DNS domain (more on that later). And the best thing: it's fully automated through an [API][4] and a [command-line client][3].
Free DV certificates seem to be the new trend nowadays with Symantec being the next player in the market [announcing][5] they're giving them away for free. Let's Encrypt issued their [first][7] certificate on September 14, 2015 and announced on March 8, 2016 that they were at one million after just three months in [public beta][8].