I have an Azure Service Fabric cluster running with management endpoint https://mysf.westeurope.cloudapp.azure.com:19080/Explorer.
And I have a CNAME record:
sf.mycoolcluster.nl --> mysf.westeurope.cloudapp.azure.com
and a valid certificate for sf.mycoolcluster.nl.
What I would like is to go to https://sf.mycoolcluster.nl:19080/Explorer
and see my own certificate being served. However, I see no way of binding my certificate to port 19080 on the cluster so this doesn't happen.
I already configured my own certificate as the secondary SF certificate via the cluster ARM template and started using this certificate everywhere the primary certificate was used. This works fine. But still the (old) primary certificate is used by the management endpoint, resulting in a certificate validation error.
You need to set up the secondary certificate by ARM template deployment, then you need to change primary with secondary (swap), wait 30 min, delete the secondary and wait 30 min. All described here: https://learn.microsoft.com/en-us/azure/service-fabric/service-fabric-cluster-security-update-certs-azure
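To make the three deployments in that answer concrete, here is an added illustration (not from the question, the answer, or the Microsoft documentation) of how the `properties.certificate` object of the `Microsoft.ServiceFabric/clusters` resource looks in the ARM template at each step. Only this object changes between the three deployments; everything else in the template stays as it is. The thumbprints are placeholders, and the step names are labels for reading, not ARM template keys.

```json
{
  "step1_add_secondary": {
    "thumbprint": "<OLD-CERT-THUMBPRINT-PLACEHOLDER>",
    "thumbprintSecondary": "<NEW-CERT-THUMBPRINT-PLACEHOLDER>",
    "x509StoreName": "My"
  },
  "step2_swap_primary_and_secondary": {
    "thumbprint": "<NEW-CERT-THUMBPRINT-PLACEHOLDER>",
    "thumbprintSecondary": "<OLD-CERT-THUMBPRINT-PLACEHOLDER>",
    "x509StoreName": "My"
  },
  "step3_remove_old_secondary": {
    "thumbprint": "<NEW-CERT-THUMBPRINT-PLACEHOLDER>",
    "x509StoreName": "My"
  }
}
```

Deploy the template once per step, in order, and wait for the cluster upgrade triggered by each deployment to finish (the answer gives 30 minutes) before starting the next one. The new certificate must already be installed on every node before step 1, which for Azure clusters means it is also listed in the node type VM scale sets' `osProfile.secrets`; the management endpoint on 19080 only starts presenting the new certificate once it is the primary (`thumbprint`) after step 2.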