SSL Certificate Injection in Service Fabric Application
Here’s a short summary; all the details follow below:
If you have multiple endpoints, make sure to give each one a unique name. Service Fabric won't complain, but your service will not start.
Extend the Service Fabric Application Manifest
We added an EndpointBindingPolicy that references the https endpoint and the certificate in CertificateRef. This tells Service Fabric that for this specific service it should add a certificate to the specified endpoint.
The certificate itself has a name and a thumbprint value that is a reference to a value in an environment-specific configuration file.
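The wiring described above can be checked before deployment. The following is an added example, not code from the original post: a Python check over two trimmed, constructed manifests that flags duplicate endpoint names, https endpoints without an EndpointBindingPolicy, unresolved CertificateRef values, and thumbprints that are not application parameters. The names ServiceEndpointHttps, HttpsCert and HttpsCertThumbprint and the function check_manifests are assumptions.

```python
import xml.etree.ElementTree as ET

NS = "{http://schemas.microsoft.com/2011/01/fabric}"

# Constructed, trimmed sample manifests; all names in them are assumptions.
SERVICE_MANIFEST = """<ServiceManifest xmlns="http://schemas.microsoft.com/2011/01/fabric">
  <Resources><Endpoints>
    <Endpoint Name="ServiceEndpoint" Protocol="http" Type="Input" Port="80" />
    <Endpoint Name="ServiceEndpointHttps" Protocol="https" Type="Input" Port="443" />
  </Endpoints></Resources>
</ServiceManifest>"""

APP_MANIFEST = """<ApplicationManifest xmlns="http://schemas.microsoft.com/2011/01/fabric">
  <Parameters><Parameter Name="HttpsCertThumbprint" DefaultValue="" /></Parameters>
  <ServiceManifestImport><Policies>
    <EndpointBindingPolicy EndpointRef="ServiceEndpointHttps" CertificateRef="HttpsCert" />
  </Policies></ServiceManifestImport>
  <Certificates>
    <EndpointCertificate Name="HttpsCert" X509FindValue="[HttpsCertThumbprint]" />
  </Certificates>
</ApplicationManifest>"""

def check_manifests(service_xml, app_xml):
    """Return a list of problems in the https endpoint / certificate wiring."""
    svc, app = ET.fromstring(service_xml), ET.fromstring(app_xml)
    problems, endpoints = [], {}
    for ep in svc.iter(NS + "Endpoint"):
        name = ep.get("Name")
        if name in endpoints:  # deploys fine, but the service will not start
            problems.append(f"duplicate endpoint name: {name}")
        endpoints[name] = (ep.get("Protocol") or "").lower()
    params = {p.get("Name") for p in app.iter(NS + "Parameter")}
    certs = {c.get("Name"): c.get("X509FindValue", "")
             for c in app.iter(NS + "EndpointCertificate")}
    policies = [(p.get("EndpointRef"), p.get("CertificateRef"))
                for p in app.iter(NS + "EndpointBindingPolicy")]
    for ep_ref, cert_ref in policies:
        if ep_ref not in endpoints:
            problems.append(f"policy references unknown endpoint: {ep_ref}")
        if cert_ref not in certs:
            problems.append(f"policy references unknown certificate: {cert_ref}")
    bound = {ep_ref for ep_ref, _ in policies}
    for name, proto in endpoints.items():
        if proto == "https" and name not in bound:
            problems.append(f"https endpoint has no certificate binding: {name}")
    for name, find in certs.items():  # thumbprint should come from a [Parameter]
        if not (find.startswith("[") and find.endswith("]") and find[1:-1] in params):
            problems.append(f"certificate {name}: thumbprint is not an application parameter")
    return problems
```

An empty list means the endpoint, policy and certificate entries are consistent with each other; it does not confirm that the certificate is installed on the cluster nodes.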
Modify the generated OwinCommunicationListener
That was all the necessary Service Fabric configuration. What remains is some code changes.
When you add a new stateless API service to your Service Fabric project in Visual Studio, an OwinCommunicationListener class is added.
This class is responsible for booting a self-hosted Owin web server on the correct port number.
By default, this class assumes you never want to use https, so you need to replace this line of code (which has a hard-coded http reference):
listeningAddress = string.Format(
: _appRoot.TrimEnd('/') + '/');
with this line of code:
in the OpenAsync method. The serviceEndpoint variable should already be declared somewhere in the first few lines of OpenAsync.
Add a ServiceInstanceListener
Last but not least, we must tell our service that it should (also) listen on the https endpoint. This happens in the StatelessService.CreateServiceInstanceListeners method that you override in your service class, which in my case looks like this:
Note that each listener references the name of the endpoint it should listen on.