Azure Service Fabric | Adding Application Certificate to the Linux Cluster.
Published Aug 09 2019 06:22 AM


I wanted to add an Application Certificate to the Service Fabric Cluster. I searched online and found that using the command Add-AzServiceFabricApplicationCertificate we can add a certificate to the Cluster. However, I was getting the below error while doing it.


Error Message: “No VMSS was found under resource group: ServiceFabric_RG with servicefabric extension and cluster id: bxxxxxxxxx-15ab-4cde-servicefabric”





Cause and Resolution

The cmdlet Add-AzServiceFabricApplicationCertificate works only on Windows-based Azure Service Fabric clusters.


You can’t use the az sf application certificate add CLI command, as it is deprecated. If you run it, it fails with the error az : ERROR: add_app_cert() missing 1 required positional argument: 'client'.


Use the Add-AzVmssSecret command instead to add certificates to the cluster (this command works for both Windows and Linux clusters):



# Look up the certificate and the key vault that holds it
$cert = Get-AzKeyVaultCertificate -VaultName '<Key Vault Name>' -Name '<Certificate Name>'
$Vault = Get-AzKeyVault -VaultName '<Key Vault Name>'

# Build a vault certificate entry that points at the certificate's secret URL
$CertConfig = New-AzVmssVaultCertificateConfig -CertificateUrl $cert.SecretId

# Fetch the scale set, add the secret to its model and push the updated model
$VMSS = Get-AzVmss -ResourceGroupName '<Resource Group Name>' -VMScaleSetName '<VMSS Name>'
Add-AzVmssSecret -VirtualMachineScaleSet $VMSS -SourceVaultId $Vault.ResourceId -VaultCertificate $CertConfig | Update-AzVmss



Please note that if you use the above script, then it’ll add a new sourceVault section to the VMSS.


Hence, you need to create a new key vault in the same location as the previous key vault and then create a new certificate inside it. You can’t add a new vaultCertificates entry to sourceVault using this command.
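A pre-flight check for the two constraints described above, as an added PowerShell example that is not part of the original post. Test-VmssVaultPreflight is a hypothetical helper name, and comparing the vault's location against the scale set's own location is an assumption of this example.

```powershell
# Added example. Test-VmssVaultPreflight is a hypothetical helper, not an Az cmdlet.
function Test-VmssVaultPreflight {
    param(
        [Parameter(Mandatory)] $Vmss,   # object returned by Get-AzVmss
        [Parameter(Mandatory)] $Vault   # object returned by Get-AzKeyVault
    )
    # Normalise region names so 'East US' and 'eastus' compare equal.
    $norm = { param($l) ($l -replace '\s', '').ToLowerInvariant() }

    # sourceVault sections already present in the scale set model.
    $groups = @($Vmss.VirtualMachineProfile.OsProfile.Secrets)
    $match  = @($groups | Where-Object { $_.SourceVault.Id -ieq $Vault.ResourceId })

    [pscustomobject]@{
        # Assumption: the vault is compared with the scale set's location.
        SameLocation     = (& $norm $Vmss.Location) -eq (& $norm $Vault.Location)
        # True means Add-AzVmssSecret would add a second section for this vault.
        VaultAlreadyUsed = $match.Count -gt 0
        ExistingCertUrls = @($match | ForEach-Object { $_.VaultCertificates.CertificateUrl })
    }
}

$VMSS  = Get-AzVmss -ResourceGroupName '<Resource Group Name>' -VMScaleSetName '<VMSS Name>'
$Vault = Get-AzKeyVault -VaultName '<Key Vault Name>'
$check = Test-VmssVaultPreflight -Vmss $VMSS -Vault $Vault

if (-not $check.SameLocation) {
    throw 'Key vault and scale set are in different locations.'
}
if ($check.VaultAlreadyUsed) {
    throw 'This vault is already a sourceVault on the scale set; use a new key vault.'
}

# After Add-AzVmssSecret | Update-AzVmss, list what the model now references.
$updated = Get-AzVmss -ResourceGroupName '<Resource Group Name>' -VMScaleSetName '<VMSS Name>'
foreach ($g in $updated.VirtualMachineProfile.OsProfile.Secrets) {
    foreach ($c in $g.VaultCertificates) {
        [pscustomobject]@{ SourceVault = $g.SourceVault.Id; CertificateUrl = $c.CertificateUrl }
    }
}
```

Run the first half before the update and the listing loop after it; the new certificate URL should appear under its own sourceVault entry.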


This and the alternate approach have been documented here:


Author: @mrkarMSFT 

Last update: Sep 15 2020 06:05 AM