[英]Connect to azure service fabric cluster with powershell
I'm unable to connect to my azure service fabric cluster using powershell. 我无法使用PowerShell连接到我的Azure服务结构集群。
I have created a certificate "Admin" on my computer using https://support.jetglobal.com/hc/en-us/articles/235636308-How-To-Create-a-SHA-256-Self-Signed-Certificate 我使用https://support.jetglobal.com/hc/en-us/articles/235636308-How-To-Create-a-SHA-256-Self-Signed-Certificate在我的计算机上创建了一个“Admin”证书
I have imported this certificate in my Key Vault, and added an "Admin client" authentication using "Certificate Thumbprint" authentication mode in the cluster (with the thumbprint of the created certificate) 我已在密钥保管库中导入此证书,并在群集中使用“证书指纹”身份验证模式添加了“管理客户端”身份验证(使用创建的证书的指纹)
I am using the below powershell command : 我使用下面的powershell命令:
$ClusterName= "***.francecentral.cloudapp.azure.com:19000"
$ThumbPrint= "e8*****"
Connect-serviceFabricCluster -ConnectionEndpoint $ClusterName -KeepAliveIntervalInSec 10 `
-X509Credential `
-ServerCommonName "Admin" `
-FindType FindBySubjectName `
-FindValue "Admin" `
-StoreLocation CurrentUser `
-StoreName My
As described in https://docs.microsoft.com/en-us/azure/service-fabric/service-fabric-connect-to-secure-cluster 如https://docs.microsoft.com/en-us/azure/service-fabric/service-fabric-connect-to-secure-cluster中所述
(I have also tried with -FindByThumPrint) (我也试过-FindByThumPrint)
I get FARBRIC_E_SERVER_AUTHENTICATION_FAILED: CertficateNotMatched. 我得到FARBRIC_E_SERVER_AUTHENTICATION_FAILED:CertficateNotMatched。
What did I miss ? 我错过了什么 ?
SSL certificate and SF Cluster endpoint URI must match SSL证书和SF Cluster端点URI必须匹配
There are few ways to solve this: 有几种方法可以解决这个问题:
If the Cluster Certificate was issued to a custom domain (lets say mysite.mydomain.com
) you need to use that custom domain URL into $ClusterName
. 如果群集证书已发布到自定义域(例如
mysite.mydomain.com
),则需要将该自定义域URL用于$ClusterName
。 Also both mysite.mydomain.com
and ***.francecentral.cloudapp.azure.com
must resolve to the same IP address. mysite.mydomain.com
和***.francecentral.cloudapp.azure.com
必须解析为相同的IP地址。
You can also fix it by creating new certificate and pointing it to ***.francecentral.cloudapp.azure.com
. 您也可以通过创建新证书并将其指向
***.francecentral.cloudapp.azure.com
来修复它。 After doing this, replace it with the old one in your cluster and connect by using ***.francecentral.cloudapp.azure.com
endpoint. 执行此操作后,将其替换为群集中的旧版本,并使用
***.francecentral.cloudapp.azure.com
端点进行连接。
This is not a fix but workaround. 这不是修复,而是解决方法。 You can disable certificate name check by modifying
C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe.config
and setting checkCertificateName
to false
. 您可以通过修改
C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe.config
并将checkCertificateName
设置为false
来禁用证书名称检查。 Like this ( click here ): 像这样( 点击这里 ):
<configuration><system.net><settings><servicePointManager checkCertificateName="false" /></settings><system.net></configuration>
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.