This is step 7 of 10 in the post series “How-To: How installing a secure Service Azure Fabric Cluster (ASF) with Azure Resource Management (ARM) Template”. In this step we upload the certificates to Key Vault so that the installation of the ASF can use them.

Overview of the steps
01. Create and import the certificates
02. Register SF Application in AAD and create AppKey
03. Generate encrypted AppKey
04. Lookup the service principles
05. Create the Key Vaults with ARM
06. Adjust the SF Application settings
07. [CURRENT] Upload certificates to Key Vault
08. Register the Service Fabric System Applications
09. Install SF Cluster with ARM
10. Coming soon!
Step 07: Upload certificate to Key Vault

As mentioned in the prerequisites, you must have 2 certificates. These certificates must be uploaded to the Key Vault InstallCert so that the installation of the Service Fabric Cluster can use them.

Upload Data Encipherment certificate
Run the following PowerShell command:
Import-AzureKeyVaultCertificate -VaultName '<vaultname of InstallCert>' -Name 'dataenciphermentcert' -FilePath 'D:\temp\Blog\ASFDataEncipherment.pfx' -Password (ConvertTo-SecureString -String '<Password you set when creating certificate>' -AsPlainText -Force)

Adjust the following values:

  • VaultName: The name of your Key Vault for Installing Certificates (see step 05)
  • FilePath: The location of your Data Encipherment certificate (see step 01)
  • Password: The password you used to create the certificate (see step 01)
  • Name: Name of the certificate in the Key Vault; it must be equal to the value in ApplicationParameters of your SF Application (see end of step 06)

Note: Be sure to set the right subscription!

Upload SFCluster Certificate
Run the following PowerShell command:
Import-AzureKeyVaultCertificate -VaultName '<vaultname>' -Name '<Name of certificate>' -FilePath 'D:\temp\Blog\ASFExplorer.pfx' -Password (ConvertTo-SecureString -String '<Password you set when creating certificate>' -AsPlainText -Force)

Adjust the following values:

  • VaultName: The name of your Key Vault for Installing Certificates (see step 05)
  • FilePath: The location of your SF Explorer certificate (see step 01)
  • Password: The password you used to create the certificate (see step 01)
  • Name: Name (any name you want) of the certificate in the Key Vault.

Note: Be sure to set the right subscription!

Look up Secret Identifier of the uploaded certificates

  • Go to Azure Portal and to the Resource Group of the Key Vaults.
  • Click on the Key Vault Install Cert
  • Click on the first uploaded certificate
  • Click on Current Version
  • Remember/Write down the value in Secret Identifier.
  • Do the same for the other certificate

Look up Resource Id of the Key Vault

  • Go to the main screen of the Key Vault
  • Click on Properties
  • Remember/Write down the value in RESOURCE ID.
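
The upload and both lookups above can also be done in one script. This is an added example, not part of the original post: it prompts for each PFX password instead of putting it on the command line (where it would land in command history), checks that the thumbprint stored in the vault matches the local file, and prints the Secret Identifier and Resource Id. It assumes the same AzureRM cmdlet family the post uses; the values in <...> are placeholders and the variable names are illustrative.

```powershell
# Added example. Replace the <...> placeholders; file paths are the ones used in the post.
$vaultName = '<vaultname of InstallCert>'
$certs = @(
    @{ Name = 'dataenciphermentcert';  FilePath = 'D:\temp\Blog\ASFDataEncipherment.pfx' },
    @{ Name = '<Name of certificate>'; FilePath = 'D:\temp\Blog\ASFExplorer.pfx' }
)

# Show the active subscription before anything is written to the vault.
(Get-AzureRmContext).Subscription | Format-List

$results = foreach ($c in $certs) {
    # Prompt for the password so it is never stored in the script or in history.
    $pfxPassword = Read-Host -AsSecureString -Prompt "PFX password for $($c.FilePath)"

    # Load the local PFX only to read its thumbprint for the comparison below.
    $local = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2(
        $c.FilePath, $pfxPassword)

    Import-AzureKeyVaultCertificate -VaultName $vaultName -Name $c.Name `
        -FilePath $c.FilePath -Password $pfxPassword | Out-Null

    # Read the certificate back and confirm the vault holds the file we intended.
    $stored = Get-AzureKeyVaultCertificate -VaultName $vaultName -Name $c.Name
    if ($stored.Thumbprint -ne $local.Thumbprint) {
        throw "Thumbprint mismatch for '$($c.Name)': vault=$($stored.Thumbprint) file=$($local.Thumbprint)"
    }

    [pscustomobject]@{
        Name             = $c.Name
        Thumbprint       = $stored.Thumbprint
        SecretIdentifier = $stored.SecretId   # value shown as "Secret Identifier" in the portal
    }
}

# Secret Identifiers of both certificates.
$results | Format-List

# Resource Id of the Key Vault (the RESOURCE ID value under Properties in the portal).
$vault = Get-AzureRmKeyVault -VaultName $vaultName
Write-Host "Key Vault Resource Id: $($vault.ResourceId)"
```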

Next step: Step 08 – Register the Service Fabric System Applications