Share via

Service Fabric Explorer Access 403:Client certificate required

偉球 董 20 Reputation points
2025-09-12T03:59:53.88+00:00

Last month, I was able to access Service Fabric Explorer without any issues.

However, starting this month, I am being prompted to provide client credentials.

I have not made any changes to the Service Fabric cluster configuration, and client credential verification was never explicitly enabled. Could you please help me understand why this behavior has changed and how to resolve it?

Azure Service Fabric
Azure Service Fabric
An Azure service that is used to develop microservices and orchestrate containers on Windows and Linux.
0 comments
Answer accepted by question author
  1. Jilakara Hemalatha 3,115 Reputation points Microsoft External Staff Moderator
    2025-09-12T06:16:21.78+00:00

    Hi **偉球 董,
    **
    Thanks for bringing up this issue. From the details you mentioned "403 error" stating "Client certificate required" indicates that Service Fabric Explorer is currently configured to require client certificate authentication. This means either the necessary certificate is missing, expired, or not properly configured.

    Even if no configuration changes were made manually, there could have been an automatic update applied by the service provider that changed the default security behavior.

    For Azure Service Fabric Managed Clusters, client certificate authentication is enforced by default after certain platform updates. This is a security best practice to prevent unauthorized access and ensure secure communication with the cluster control plane.

    Reference to know about managed cluster:https://free.blessedness.top/en-us/azure/service-fabric/quickstart-managed-cluster-portal

    Please check the below steps:

    Check if a certificate is configured in your cluster or not

    • Navigate to Service Fabric → Security.
    • Verify whether a certificate is present and check its expiry date.
    • If no certificate exists, Create a new certificate. For testing purposes, you can generate a self-signed certificate using PowerShell in your local machine
    New-SelfSignedCertificate -CertStoreLocation cert:\CurrentUser\My -DnsName <your-dns-name>

    After creating the certificate, import it to Azure Key Vault and configure it in Service Fabric.

    Please refer the below link to create certificate:

    https://free.blessedness.top/en-us/azure/service-fabric/service-fabric-cluster-security-update-certs-azure

    cxp.azure.com/communityinsider/cases/mycases?tenant=cxpcom&caseid=cxpcom_MicrosoftQnA_5543876&tab=basic info

    To know more about security and certificate on Service fabric please refer below documentations:

    https://free.blessedness.top/en-us/azure/service-fabric/service-fabric-cluster-security

    https://free.blessedness.top/en-us/azure/service-fabric/cluster-security-certificate-management

    1 person found this answer helpful.

0 additional answers

Sort by: Most helpful
Most helpful Newest Oldest

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.