SSL Certificate Prerequisites for PMC Deployments

You need an SSL certificate for production deployments. Wildcards are not supported for production deployments. The PMC deployment wizard can generate an SSL certificate for evaluation deployments.

The DNS name of the SSL certificate forms the URL for PMC, so it should be a name that you can relate to PMC.

Service Fabric does not accept SSL certificates that have been provisioned with Cryptography API: Next Generation (CNG) based providers. Your SSL certificate must be provisioned with a CryptoAPI Cryptographic Service Provider (CSP).

If you use a Subject Alternative Name (SAN) on the SSL certificate, the SAN must include the core domain name.
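One way to check a certificate against the prerequisites above before running the deployment wizard, as an added example that is not part of the original documentation or of PMC's own tooling. The function name, the sample DNS name and the provider-name heuristic are assumptions, and "core domain name" is taken to mean the DNS name you pass in.

```powershell
# Added example. Assumes the certificate and its private key are already in
# Cert:\LocalMachine\My and that $DnsName is the name you plan to use as the PMC URL.
function Test-PmcSslCertificate {   # hypothetical helper name
    param(
        [Parameter(Mandatory = $true)][string]$Thumbprint,
        [Parameter(Mandatory = $true)][string]$DnsName
    )
    $cert = Get-Item -Path "Cert:\LocalMachine\My\$Thumbprint" -ErrorAction Stop
    $findings = @()

    if (-not $cert.HasPrivateKey) {
        $findings += 'Certificate has no associated private key in this store.'
    }

    # DnsNameList holds the SAN DNS entries, or the subject name when there is no SAN.
    $names = @($cert.DnsNameList | ForEach-Object { $_.Unicode })
    if ($names | Where-Object { $_ -like '[*].*' }) {
        $findings += 'Wildcard name present; wildcards are not supported for production.'
    }
    if ($names -notcontains $DnsName) {
        $findings += "Certificate names do not include '$DnsName'."
    }

    # certutil prints the key's provider; English output is assumed for the match.
    $line = & certutil.exe -store My $Thumbprint |
        Select-String -Pattern 'Provider = (.+)$' | Select-Object -First 1
    $provider = if ($line) { $line.Matches[0].Groups[1].Value.Trim() } else { $null }

    # Name-based heuristic (assumption): CNG key storage providers vs. CryptoAPI CSPs.
    if (-not $provider) {
        $findings += 'Could not determine the key provider from certutil output.'
    } elseif ($provider -match 'Key Storage Provider|Platform Crypto Provider') {
        $findings += "Key is held by a CNG provider ($provider); a CryptoAPI CSP is required."
    }

    [pscustomobject]@{
        Thumbprint = $cert.Thumbprint
        DnsNames   = $names
        Provider   = $provider
        Passed     = ($findings.Count -eq 0)
        Findings   = $findings
    }
}

# Constructed sample values; replace with your own thumbprint and DNS name.
# Test-PmcSslCertificate -Thumbprint '<THUMBPRINT>' -DnsName 'pmc.example.com'
```

Run it from an elevated PowerShell session on the node, because the certificate and its key live in the local machine store.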

If you use an SSL certificate that is trusted by a global provider, you do not need to perform any further steps. If your SSL certificate is not trusted by a global provider, however, you need to install the root of your SSL certificate into the trusted root of the local machine of the node where you install PMC before you can log in to PMC.

To install the root of your SSL certificate:

  1. Copy the CER portion of your root certificate to the node where you installed PMC. By default, this is the first node.
  2. Double-click the certificate and select Install Certificate.
  3. Select Local Machine and click Next.
  4. Select Place all certificates in the following store and click Browse.
  5. Select the second option, Trusted Root Certification Authorities, and click OK.
  6. Click Next and then Finish to complete the installation.

The PMC deployment wizard generates the remainder of the PMC certificate chain that is required.

Before you continue, you need to know the DNS name of your SSL certificate so you can set up your chosen method of authentication.

PMC Certificate Chain

PMC uses certificate-based security to ensure identity and communications security. The image depicts the relationship of the certificates used in the system. Customers are expected to use certificates generated by the deployment tool. This information is provided for transparency and to assist customers who want to use certificates created outside the PMC deployment tool.