I've created a TCP service that creates a secure SSL connection that I am trying to host in an Azure Service Fabric cluster. While there is documentation on how to load and use SSL certificates for sites and APIs, I can't seem to find any documentation on how I would load my cert for my service. I have loaded my cert to a key vault but now need to create an instance of X509Certificate2 to secure my TCP connection.
When I originally created my cluster it was an unsecured cluster. Simply by recreating it as a secured cluster I can now access the certificates in the vault used to secure the clusters using the following helper method I created.
using System;
using System.Security.Cryptography.X509Certificates;

// Looks up the cluster certificate by thumbprint in the node's LocalMachine\My store,
// which is where a secured Service Fabric cluster installs it, and returns it as an
// X509Certificate2 so it can be handed to an SslStream.
private static X509Certificate2 GetServerCertificate(string thumbprint)
{
    X509Store store = new X509Store(StoreName.My, StoreLocation.LocalMachine);
    store.Open(OpenFlags.ReadOnly);
    // validOnly: false also returns expired or untrusted certificates; pass true to reject them.
    var certificateCollection = store.Certificates.Find(X509FindType.FindByThumbprint, thumbprint, false);
    if (certificateCollection.Count == 0)
    {
        store.Close();
        string errorMessage = string.Format("Unable to load certificate with thumbprint {0}", thumbprint);
        throw new ApplicationException(errorMessage);
    }
    else
    {
        var certificate = new X509Certificate2(certificateCollection[0]);
        store.Close();
        return certificate;
    }
}
Instructions on creating a secure cluster can be found here: https://azure.microsoft.com/en-us/documentation/articles/service-fabric-cluster-creation-via-arm/
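The following is an added example, not code from the question or the answer above, showing the step the question actually asks about: loading the node-installed certificate as an X509Certificate2 and using it to authenticate a plain TCP connection with SslStream. The class name TlsTcpServer, the method names LoadServerCertificate and RunAsync, the port, and the thumbprint value are assumptions; the thumbprint would come from the cluster certificate configured as the answer describes. Unlike the answer's helper it passes validOnly: true and checks for a private key, so an expired certificate or one imported without its key fails fast at startup rather than during the first handshake.

```csharp
using System;
using System.Net;
using System.Net.Security;
using System.Net.Sockets;
using System.Security.Authentication;
using System.Security.Cryptography.X509Certificates;
using System.Threading.Tasks;

public static class TlsTcpServer
{
    // Loads the certificate that the secured cluster installed into LocalMachine\My.
    // validOnly: true drops expired or untrusted certificates; a server certificate
    // without a private key cannot complete a TLS handshake, so that is checked too.
    public static X509Certificate2 LoadServerCertificate(string thumbprint)
    {
        using (var store = new X509Store(StoreName.My, StoreLocation.LocalMachine))
        {
            store.Open(OpenFlags.ReadOnly);
            var matches = store.Certificates.Find(X509FindType.FindByThumbprint, thumbprint, validOnly: true);
            if (matches.Count == 0)
                throw new InvalidOperationException(
                    $"No valid certificate with thumbprint {thumbprint} in LocalMachine\\My.");
            var cert = matches[0];
            if (!cert.HasPrivateKey)
                throw new InvalidOperationException(
                    "Certificate has no private key; TLS server authentication requires one.");
            return cert;
        }
    }

    // Accepts TCP clients and wraps every connection in an SslStream before any
    // application bytes are read or written.
    public static async Task RunAsync(X509Certificate2 serverCert, int port)
    {
        var listener = new TcpListener(IPAddress.Any, port);
        listener.Start();
        while (true)
        {
            TcpClient client = await listener.AcceptTcpClientAsync();
            _ = Task.Run(() => HandleClientAsync(client, serverCert));
        }
    }

    private static async Task HandleClientAsync(TcpClient client, X509Certificate2 serverCert)
    {
        using (client)
        using (var ssl = new SslStream(client.GetStream(), leaveInnerStreamOpen: false))
        {
            try
            {
                // One-way TLS (no client certificate) restricted to TLS 1.2; the
                // revocation flag only applies to client certificates, so it is off here.
                await ssl.AuthenticateAsServerAsync(
                    serverCert,
                    clientCertificateRequired: false,
                    enabledSslProtocols: SslProtocols.Tls12,
                    checkCertificateRevocation: false);
            }
            catch (AuthenticationException)
            {
                return; // handshake failed; the underlying plaintext stream is never used
            }

            // Application protocol goes here; a simple echo stands in for it.
            var buffer = new byte[4096];
            int read = await ssl.ReadAsync(buffer, 0, buffer.Length);
            if (read > 0)
                await ssl.WriteAsync(buffer, 0, read);
        }
    }

    public static Task Main()
    {
        // Placeholder thumbprint: replace with the cluster certificate's thumbprint.
        var cert = LoadServerCertificate("0000000000000000000000000000000000000000");
        return RunAsync(cert, 8443);
    }
}
```

Because AuthenticateAsServerAsync runs before the first ReadAsync, a client that cannot complete the handshake never reaches the application protocol, which is the property the question is after; a failed LoadServerCertificate call at startup surfaces a missing or keyless certificate in the service's own logs instead of as an opaque handshake error on the client.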