Tags: azure, azure-service-fabric

Updating Azure Service Fabric certificate. Why primary and secondary certificate?


We are in the process of updating an expired Service Fabric cluster primary certificate. We have read most of the documentation and searched the web, but some things are still unclear.

  1. What's the idea behind having a primary and secondary certificate to begin with?
  2. The recommended way to update the certificate seems to be by adding a secondary certificate to the cluster (Add-AzServiceFabricClusterCertificate). Will the cluster automatically make use of the new (secondary) certificate with the furthest into the future expiry date? I think that's what the documentation is saying... If so, will the secondary certificate become the primary certificate? Otherwise I think we would be left with an expired primary certificate forever - that doesn't make much sense?!

Hope someone can shed some light on this.

/Chris


Solution

1. There are two certificate slots so you can always have at least one valid, working certificate. If you had only one certificate and it expired or was deleted, the cluster would not work.

2. Yes, the Service Fabric cluster will automatically use the declared certificate with the further-into-the-future expiration date when more than one valid certificate is installed on the host. This doesn't make it the primary certificate; this rule also applies to the secondary certificate. If you select a certificate by its common name, multiple results may be found, and this is the way one is selected.

The process is like this:

1. upload a new secondary certificate
2. enable auto-rollover
3. delete the primary certificate after the auto-rollover has completed

more info here.
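The three-step rotation from the answer, written out as an added PowerShell example (this is not code from the original post or from Azure's documentation). It uses the Az.ServiceFabric and Az.KeyVault cmdlets named in the question and answer; the resource group, cluster name, Key Vault name and certificate name are assumed placeholders, and the auto-rollover step is treated as a cluster configuration change that this script only verifies rather than performs.

```powershell
# Added example: rotate an expired primary cluster certificate by adding the
# replacement as the secondary certificate, waiting for the rollover, then
# removing the old one. All names below are assumptions for illustration.
$rg          = 'my-sf-rg'            # assumption
$clusterName = 'my-sf-cluster'       # assumption
$vaultName   = 'my-kv'               # assumption
$certName    = 'sf-cluster-cert'     # assumption: Key Vault certificate holding the new cert

# Sanity check first: never add a certificate that is itself already expired,
# since the cluster picks whichever valid certificate expires later.
$newCert = Get-AzKeyVaultCertificate -VaultName $vaultName -Name $certName
if ($newCert.Expires -le (Get-Date)) {
    throw "Replacement certificate $($newCert.Thumbprint) is already expired."
}

# Step 1: add the new certificate into the secondary slot. Service Fabric
# installs it on every node as part of a cluster upgrade.
Add-AzServiceFabricClusterCertificate -ResourceGroupName $rg -Name $clusterName `
    -SecretIdentifier $newCert.SecretId

# Step 2 (auto-rollover) is configured on the cluster itself; here we only
# wait until the cluster reports Ready and both thumbprints are declared.
do {
    Start-Sleep -Seconds 60
    $cluster = Get-AzServiceFabricCluster -ResourceGroupName $rg -Name $clusterName
} until ($cluster.ClusterState -eq 'Ready')

if ($cluster.Certificate.ThumbprintSecondary -ne $newCert.Thumbprint) {
    throw "Secondary slot does not hold the new certificate; aborting before removal."
}
$cluster.Certificate | Format-List Thumbprint, ThumbprintSecondary

# Step 3: only now remove the expired primary by thumbprint. The remaining
# (new) certificate is the one the cluster keeps using.
$expiredThumbprint = $cluster.Certificate.Thumbprint
Remove-AzServiceFabricClusterCertificate -ResourceGroupName $rg -Name $clusterName `
    -Thumbprint $expiredThumbprint
```

The check before removal is the part worth keeping even if the rest is adapted: confirming that the secondary slot actually holds the new thumbprint and that the cluster is Ready guards against removing the only certificate the nodes can still present.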