
How to retrieve certificate thumbprint of the local Service Fabric cluster?

We have an application consisting of microservices and also using various Azure resources, like CosmosDB, Redis, EventHub.

So we have written a PowerShell script, which retrieves various secrets from the Azure resource group: CosmosDB connection strings and the same for Redis and EventHub. Also the SF certificate thumbprint is read from the Key Vault in the resource group. The secrets are then stored in a JSON file outside the git work area.

Then in the Scripts\Deploy-FabricApplication.ps1 we read the JSON file and use the secrets to replace the placeholders:

$jsonFile = "$rootDir\secrets.json"
$secretsHashtable = @{}
(Get-Content $jsonFile | ConvertFrom-Json).psobject.properties | ForEach-Object { $secretsHashtable[$_.Name] = $_.Value }

$ApplicationPackagePath = Resolve-Path $ApplicationPackagePath

$publishProfile = Read-PublishProfile $PublishProfileFile

if ($PublishProfileFile.EndsWith("Local.1Node.xml"))
{
    $secretsHashtable['Cluster-Host-Name'] = 'localhost'
    # TODO store the local SF certificate thumbprint in $secretsHashtable['SSL-Certificate-Find-Value']
    $publishProfile.CopyPackageParameters.CompressPackage = $true
    $OutFile = "$LocalFolder\..\ApplicationParameters\Local.1Node.xml"
}
else
{
    $OutFile = "$LocalFolder\..\ApplicationParameters\Cloud.xml"
}

# Replace $( ... ) placeholders in Template.xml by the values from the hashtable
$TemplateFile = "$LocalFolder\..\ApplicationParameters\Template.xml"
$TemplateStr  = Get-Content $TemplateFile -Raw
$ReplacedStr  = [regex]::Replace($TemplateStr, '\$\(([\w-]+)\)', {
    param($match)
    $key = $match.Groups[1].Value
    $value = $secretsHashtable[$key]
    if ($null -ne $value)
    {
        return $value
    }
    else
    {
        throw "$key not found in $jsonFile"
    }
})

Set-Content -Path $OutFile -Value $ReplacedStr

This works for the remote publishing and debugging (from Visual Studio 2017) using Cloud.xml.

However, it fails for Local.1Node.xml, because our application checks the certificate thumbprint through the entry in ServiceManifest.xml:

<Endpoint Protocol="https" Name="ServiceEndpoint" 
    Type="Input" Port="9950" CertificateRef="MY_CERT" />

And thus publishing the SF app locally fails with:

[Screenshot: Event Viewer log]

My question is: how to retrieve the certificate thumbprint of the local Service Fabric SDK installation?

If I could do that, I would put it in the above script (please see the "TODO" comment)

I have been able to solve my problem with:

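Write-Host "Retrieving thumbprint for local SF certificate... " -NoNewline
# Look up the local SF SDK certificate by subject in the machine certificate store
$localCert = Get-ChildItem cert:\LocalMachine\My | Where-Object { $_.Subject -eq 'CN=AzureServiceFabric-AnonymousClient' }
# Store its thumbprint under the key named in the "TODO" comment of the deploy script
$secretsHashtable['SSL-Certificate-Find-Value'] = $localCert.Thumbprint
Write-Host "ok"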

Now I am able to debug in Visual Studio both locally and remotely (at the SF deployed in Azure).
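
A stricter form of the lookup above, as an added example that is not part of the original post: it fails loudly when no certificate matches (otherwise the thumbprint is silently `$null`) and returns a single thumbprint when several certificates share the subject. The function name `Get-LocalCertThumbprint` and its parameters are hypothetical; the subject and the hashtable key come from the post.

```powershell
# Added example: resolve exactly one currently valid certificate by subject
# and return its thumbprint. Get-LocalCertThumbprint is a hypothetical helper name.
function Get-LocalCertThumbprint {
    param(
        [string]$Subject   = 'CN=AzureServiceFabric-AnonymousClient',  # subject from the post
        [string]$StorePath = 'Cert:\LocalMachine\My'
    )

    $now = Get-Date

    # @() forces an array so .Count is reliable for zero, one or many matches
    $candidates = @(Get-ChildItem -Path $StorePath |
        Where-Object { $_.Subject -eq $Subject })

    if ($candidates.Count -eq 0) {
        throw "No certificate with subject '$Subject' found in $StorePath"
    }

    # Discard certificates that are not yet valid or already expired
    $usable = @($candidates | Where-Object {
        $_.NotBefore -le $now -and $_.NotAfter -gt $now
    })

    if ($usable.Count -eq 0) {
        throw "Certificates for '$Subject' exist in $StorePath, but none is currently valid"
    }

    # Several valid matches: take the one that expires last, so the result is one string
    $chosen = $usable | Sort-Object -Property NotAfter -Descending | Select-Object -First 1
    return $chosen.Thumbprint
}

# Usage inside the Local.1Node.xml branch of the deploy script.
# The empty hashtable here only stands in for the one built from secrets.json.
$secretsHashtable = @{}
$secretsHashtable['SSL-Certificate-Find-Value'] = Get-LocalCertThumbprint
```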
