How to set up new password for the cluster certificate to connect to SFC in the VSTS Pipeline

How to set up new password for the cluster certificate to connect to Service Fabric Cluster in the VSTS Pipeline

This article helps you to set up new password for the cluster certificate which one can use in release pipeline to deploy your application to SF cluster.

Scenario : Adding the base-64 encoding of the client certificate file which is NOT PASSWORD protected when setting up the “New Service Fabric Connection” in the release pipeline will lead to deployment failure.

Below is the sample of the error:

“2020-10-15T20:58:45.3232533Z ##[debug]System.Management.Automation.RuntimeException: An error occurred attempting to import the certificate. Ensure that your service endpoint is configured properly with a correct certificate value and, if the certificate is password-protected, a valid password. Error message: Exception calling 'Import' with '3' argument(s): 'The specified network password is not correct.”

Steps to set new password for Cluster certificate:

1. Download the relevant cluster certificate from the Key vault to local machine. 

         AzurePortal- > Key Vaults Resource -> Certificate- > Select the cluster certificate.

2. Install the certificate to local machine store with marking key as exportable. 

3. To set up new password, follow below PowerShell Script:

         a. # Retrieve the Certificate object from the certificate store
             $SelfSignedCert = Get-ChildItem Cert:\LocalMachine\My -DnsName "<clustername>.<clusteregion>.cloudapp.azure.com"

         b. # Create a password
             $certpwd = ConvertTo-SecureString -String "password" -Force –AsPlainText

         c. # Export certificate as PFX Certificate Archive (cert and key)
             Export-PfxCertificate -Cert $SelfSignedCert -FilePath C:\Temp\SelfSignedCert.pfx -Password $certpwd

Note: Now the Client/ Cluster certificate is password protected, one can convert into base-64 encode(Step 4) to use in the Release pipeline

4. Convert the certificate into base-64 encoded representation of the certificate using PowerShell. 

         [System.Convert]::ToBase64String([System.IO.File]::ReadAllBytes("C:\Temp\SelfSignedCert.pfx"))

Please refer to below article to Deploy an application with CI/CD to a Service Fabric cluster:

Reference: https://github.com/MicrosoftDocs/azure-docs/blob/master/articles/service-fabric/service-fabric-tutorial-deploy-app-with-cicd-vsts.md#create-a-release-pipeline