ServiceFabric Secrets encrypted with certificate inside X509FindValueSecondary
I have an encrypted application secret.
In my ApplicationManifest I have specified the corresponding certificate to decrypt the secret:
<Certificates>
<SecretsCertificate Name="MyCert" X509FindValue="1..." X509FindValueSecondary="2..." />
</Certificates>
My secret is actually encrypted with the 2... certificate, which I specified in X509FindValueSecondary. I thought that when it does not find the certificate of X509FindValue, in my case 1..., it will fall back to looking for the certificate in X509FindValueSecondary. This is what I thought "Secondary" means.
However, my application does not start:
Failed to configure certificate permissions. Error FABRIC_E_CERTIFICATE_NOT_FOUND.
What is the difference between X509FindValue and X509FindValueSecondary?
certificate azure-service-fabric service-fabric service-fabric-stateless
What did you specify as X509FindType? – LoekD, Nov 11 at 9:59
Nothing. Should be default="FindByThumbprint". – halllo, Nov 12 at 9:43
asked Nov 9 at 17:10
halllo
1 Answer
accepted
SecretsCertificate uses the same formatting as other certificate options like ServerCertificate, ClientCertificate and so on.
What is the difference between X509FindValue and X509FindValueSecondary?
Assuming they all work the same way, the idea of X509FindValueSecondary for ServerCertificate is to be used as a rollover approach, that means:
- Load the first certificate; if it is valid, use it
- If the first certificate expires, try to load the second
In both cases, the certificate must exist, because it is required to validate the expiration dates. If you plan to have just one, you should remove the secondary.
answered Nov 15 at 12:05
Diego Mendes
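A pre-deployment check that follows from the answer above, added here as an example and not part of the original thread: for each SecretsCertificate in a manifest it reports whether the primary and secondary thumbprints are installed, expired, and backed by a private key (needed to decrypt a secret). The manifest, its placeholder thumbprints, the function name Test-SecretsCertificate and the Cert:\LocalMachine\My store location are assumptions, and lookup by thumbprint is assumed as in the asker's comment.

```powershell
# Added example, not from the thread. The manifest is constructed and both
# thumbprints are placeholders; the store location is an assumption.
[xml]$manifest = @'
<ApplicationManifest xmlns="http://schemas.microsoft.com/2011/01/fabric"
                     ApplicationTypeName="DemoType" ApplicationTypeVersion="1.0.0">
  <Certificates>
    <SecretsCertificate Name="MyCert"
                        X509FindValue="1111111111111111111111111111111111111111"
                        X509FindValueSecondary="2222222222222222222222222222222222222222" />
  </Certificates>
</ApplicationManifest>
'@

function Test-SecretsCertificate {
    param(
        [Parameter(Mandatory)] [xml] $Manifest,
        [string] $StorePath = 'Cert:\LocalMachine\My'   # assumed store location
    )
    foreach ($entry in $Manifest.ApplicationManifest.Certificates.SecretsCertificate) {
        foreach ($attr in 'X509FindValue', 'X509FindValueSecondary') {
            $raw = $entry.GetAttribute($attr)
            if (-not $raw) { continue }   # attribute absent: nothing to look up
            # Drop spaces and invisible characters that tend to come along when a
            # thumbprint is copied out of a certificate dialog.
            $thumb = ($raw -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()
            $cert  = Get-ChildItem -Path $StorePath |
                     Where-Object { $_.Thumbprint -eq $thumb } |
                     Select-Object -First 1
            [pscustomobject]@{
                Name          = $entry.GetAttribute('Name')
                Attribute     = $attr
                Thumbprint    = $thumb
                Installed     = [bool]$cert
                HasPrivateKey = [bool]($cert -and $cert.HasPrivateKey)
                NotAfter      = if ($cert) { $cert.NotAfter } else { $null }
                Expired       = [bool]($cert -and $cert.NotAfter -lt (Get-Date))
            }
        }
    }
}

$report = Test-SecretsCertificate -Manifest $manifest
$report | Format-Table -AutoSize
if ($report | Where-Object { -not $_.Installed }) {
    Write-Warning 'A certificate referenced by the manifest is missing from the store.'
}
```

Run it on each node that will host the application, with the real manifest loaded in place of the constructed one.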