I have my cluster set up with a reverse proxy set at port 8080. I now want to change the certificate used on the reverse proxy.
I added the new certificate to my KeyVault, and referenced it in vaultCertificates in the Microsoft.Compute/virtualMachineScaleSets ARM template. Pushed it, waited until it completed, RDP'd into each node and verified that the new certificate was installed.
I updated one of my front-facing applications to use the new certificate and it worked fine (thus verifying that it could find it by the thumbprint).
I then modified reverseProxyCertificate.thumbprint in the Microsoft.ServiceFabric/clusters ARM template to reflect the new thumbprint. Pushed this and waited. And waited. And waited. After about an hour my cluster status went from "Updating" to "Ready" (although in my activity log the Write Clusters operation still says Started).
Now, when I go to https://{mycluster}.ukwest.cloudapp.azure.com:8080/ it is still serving up the old certificate.
I RDP'd into one of my nodes and opened up D:\SvcFab\FabricHostSettings.xml and under ApplicationGateway/Http, GatewayX509CertificateFindValue has the correct (new) value.
Looking here, I know it's for a local cluster, but it should be similar to one hosted on Azure, the last step is "Start and complete cluster upgrade". I can't find how, or if you're meant to, do this in Azure. I know for a fact that you can't just restart the VMSS, or it messes everything up!
Have I missed something?
See:
Cluster must be initially created with RP cert that is different from cluster cert.
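The check described in the question (which certificate port 8080 actually serves versus the thumbprint in FabricHostSettings.xml) can be scripted. This is an added example, not code from the original post or from Service Fabric; the Section/Parameter XML layout, the sample thumbprint and the helper names are assumptions.

```python
import hashlib
import re
import ssl
import xml.etree.ElementTree as ET

# Constructed sample. The Section/Parameter layout is an assumption about
# FabricHostSettings.xml and the thumbprint is made up. The leading \u200e
# mimics the invisible mark that comes along when a thumbprint is copied
# from the Windows certificate dialog.
SAMPLE_SETTINGS = """<Settings>
  <Section Name="ApplicationGateway/Http">
    <Parameter Name="GatewayX509CertificateFindValue"
               Value="\u200eab 12 cd 34 ef 56 ab 12 cd 34 ef 56 ab 12 cd 34 ef 56 ab 12" />
  </Section>
</Settings>"""

def normalize_thumbprint(value):
    """Drop spaces, colons and invisible characters; return 40 upper-case hex digits."""
    cleaned = re.sub(r"[^0-9A-Fa-f]", "", value).upper()
    if len(cleaned) != 40:
        raise ValueError("not a SHA-1 thumbprint: %r" % value)
    return cleaned

def configured_thumbprint(settings_xml):
    """Read GatewayX509CertificateFindValue from the ApplicationGateway/Http section."""
    local = lambda el: el.tag.rsplit("}", 1)[-1]  # ignore any XML namespace
    for section in ET.fromstring(settings_xml).iter():
        if local(section) == "Section" and section.get("Name") == "ApplicationGateway/Http":
            for param in section:
                if param.get("Name") == "GatewayX509CertificateFindValue":
                    return normalize_thumbprint(param.get("Value", ""))
    raise LookupError("GatewayX509CertificateFindValue not found")

def thumbprint_of_der(der_bytes):
    """Windows thumbprint = SHA-1 over the DER-encoded certificate."""
    return hashlib.sha1(der_bytes).hexdigest().upper()

def served_thumbprint(host, port=8080):
    """Fetch the certificate the endpoint presents (no chain validation)."""
    pem = ssl.get_server_certificate((host, port))
    return thumbprint_of_der(ssl.PEM_cert_to_DER_cert(pem))

def served_matches(expected, der_bytes):
    """Compare an expected thumbprint, in any formatting, with a DER certificate."""
    return normalize_thumbprint(expected) == thumbprint_of_der(der_bytes)

if __name__ == "__main__":
    print("configured:", configured_thumbprint(SAMPLE_SETTINGS))
    # print("served:", served_thumbprint("<cluster-fqdn>"))  # needs network access
```

Running served_thumbprint against each node as well as the load-balanced address shows whether only some nodes still present the old certificate.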