How to configure SSL on a self hosted Web API in Azure Service Fabric

Question

I have followed this article to setup an OWIN self hosted Web API within an Azure service fabric stateless service.

I also found this article which describes setting

Answer 1

To secure an OWIN Self-Hosted API in SF with SSL, you can follow the different scripts and example config I've compiled:

https://gist.github.com/andersosthus/c483eaf8630219c789de

The basic flow goes like this:

1. Upload a certificate to KeyVault (uploadCertToKeyVault.ps1)
2. Install the certificate to your SF VMs (installCertOnVm.ps1)
3. Configure the Endpoint section of your ServiceManifest
4. Configure the ManifestImport and Policy section of your application manifest

Step 1 & 2 can be skipped, but then you need to log in to each VM and install the certificate manually.

For VMSS: To install certificates from KeyVault onto a VMSS with ARM, do the following: In your VMSS template, under the OSProfile section, there is section called secrets. Here you can configure the sourcevault and add certificates to be installed.

This works like all other ARM templates. You can add a certificate to this list at a later point and redeploy the template. The certificate will then be installed on your VMSS.