![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(70.4, 74%, 16%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EGT%3C/text%3E%3C/svg%3E)
Azure Service Fabric
An Azure service that is used to develop microservices and orchestrate containers on Windows and Linux.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(163.2, 64%, 25%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EDR%3C/text%3E%3C/svg%3E)
Yes, you can specify both the intermediate and the root CA. If your cluster explicitly requires the intermediate issuer, you must update it when replacing the old intermediate CA. If your cluster can validate certificates using only the root issuer, then no changes may be needed.
In your case, since you're replacing the intermediate CA, you need to replace the old intermediate CA with the new intermediate CA and keep the root CA if it remains unchanged.
"ClusterCertificateIssuerStores": [
{
"IssuerCommonName": "Issuer Root CA",
"X509StoreNames": "Root CA"
},
{
"IssuerCommonName": "Issuer Int CA 2", // new intermediate CA
"X509StoreNames": "Issuing CA 2"
}
]
After updating, please restart the Service Fabric cluster and validate that all services are working correctly with the new certificate paths.
Hope this helps!
Please Let me know if you have any queries.