1. Create the Azure Service Fabric cluster from the portal.
2. On the security step, select Basic; the portal creates the server certificate and stores it in the key vault.
3. Go to the key vault and download the generated server certificate to your local machine.
4. Open PowerShell and list the certificates:

        Get-ChildItem -Path "Cert:\LocalMachine\CA"

   Find the generated server certificate in the list and note its thumbprint and subject.
5. Load the certificate into the variable `$cert`, where `Thumbprint` stands for the thumbprint noted in the previous step:

        $cert = Get-ChildItem -Path "Cert:\LocalMachine\CA\Thumbprint"

6. Create the client certificate, signed by `$cert`:

        # 2.5.29.37 is the Enhanced Key Usage extension; 1.3.6.1.5.5.7.3.2 is Client Authentication
        New-SelfSignedCertificate -Type Custom -KeySpec Signature `
            -Subject "CN=eastus.cloudapp.azure.com" -KeyExportPolicy Exportable `
            -HashAlgorithm sha256 -KeyLength 2048 `
            -CertStoreLocation "Cert:\CurrentUser\My" `
            -Signer $cert -TextExtension @("2.5.29.37={text}1.3.6.1.5.5.7.3.2")

7. Export the client certificate to a local PFX file.
8. Generate the base64 version:

        [System.Convert]::ToBase64String([System.IO.File]::ReadAllBytes("C:\users\userid\Documents\pandaciclient.pfx"))
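One way to script the export and base64 steps with checks on the certificate before it leaves the store. This is an added example, not part of the original procedure; the thumbprint placeholder, the output paths and the variable names are assumptions.

```powershell
# Added example. Placeholder and hypothetical values are marked as such.
$signerThumbprint = '<SERVER-CERT-THUMBPRINT>'                        # placeholder: thumbprint noted earlier
$pfxPath          = Join-Path $env:USERPROFILE 'Documents\client.pfx' # hypothetical output path

# The signer must carry a private key, otherwise it could not have signed anything.
$signer = Get-Item -Path "Cert:\LocalMachine\CA\$signerThumbprint"
if (-not $signer.HasPrivateKey) {
    throw "Signer certificate $signerThumbprint has no private key."
}

# Pick the newest certificate in the user store that was issued by the signer.
$client = Get-ChildItem -Path 'Cert:\CurrentUser\My' |
    Where-Object { $_.Issuer -eq $signer.Subject -and $_.HasPrivateKey } |
    Sort-Object NotBefore -Descending |
    Select-Object -First 1
if (-not $client) {
    throw "No client certificate issued by '$($signer.Subject)' found in Cert:\CurrentUser\My."
}

# Confirm the Client Authentication EKU (1.3.6.1.5.5.7.3.2) is present.
$ekuType = [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]
$eku     = $client.Extensions | Where-Object { $_ -is $ekuType }
if (-not ($eku.EnhancedKeyUsages | Where-Object { $_.Value -eq '1.3.6.1.5.5.7.3.2' })) {
    throw "Certificate $($client.Thumbprint) lacks the Client Authentication EKU."
}

# Export with a password typed at the prompt, so it never appears in the script or history.
$password = Read-Host -AsSecureString -Prompt 'PFX password'
Export-PfxCertificate -Cert $client -FilePath $pfxPath -Password $password | Out-Null

# Base64 is an encoding, not encryption: the output still contains the private key,
# so store it only where a secret is expected.
$b64 = [System.Convert]::ToBase64String([System.IO.File]::ReadAllBytes($pfxPath))
Set-Content -Path "$pfxPath.b64" -Value $b64 -NoNewline

"Exported $($client.Subject) [$($client.Thumbprint)], valid until $($client.NotAfter)"
```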