Azure-docs: Incomplete details on the requirements for cluster certificates

Created on 11 Dec 2020  ·  2 Comments  ·  Source: MicrosoftDocs/azure-docs

In the “Cluster and server certificate (required)” section of the page detailing how to configure a new cluster, the list of requirements for the cluster management certificate is incomplete.

After experiencing severe issues in connecting with a new cluster, it has become apparent that in addition to the listed criteria you must also include the fully qualified address of the cluster in the list of DNS names when creating a self-signed certificate (shown as "Subject Alternative Name" when viewing the details of the created certificate in Key Vault).

Without this, the certificate fails validation in Connect-ServiceFabricCluster. When using the command directly in PowerShell this can be worked around using the -SkipChecks flag, but it precludes the certificate being used in Azure DevOps release pipeline connections.


assigned-to-author doc-bug service-fabrisvc triaged
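
A pre-deployment check for the requirement described in this issue, as an added example that is not part of the original issue or of the Azure docs: it reads the Subject Alternative Name extension and confirms the cluster FQDN is listed. The function names, the `mycluster.example.com` FQDN and the `CN=mycluster` subject are constructed placeholders; it assumes Windows with the PKI module for `New-SelfSignedCertificate`.

```powershell
function Get-CertificateSanDnsName {
    param(
        [Parameter(Mandatory)]
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate
    )
    # OID 2.5.29.17 identifies the Subject Alternative Name extension.
    $san = $Certificate.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
    if (-not $san) { return @() }
    # Format() renders entries as "DNS Name=host" on Windows and "DNS:host"
    # on OpenSSL-backed platforms, so accept both spellings.
    $text = $san.Format($true)
    return @([regex]::Matches($text, '(?:DNS Name=|DNS:)([^\s,]+)') |
        ForEach-Object { $_.Groups[1].Value })
}

function Test-ClusterCertificateSan {
    param(
        [Parameter(Mandatory)]
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate,
        [Parameter(Mandatory)]
        [string]$ClusterFqdn
    )
    $names = Get-CertificateSanDnsName -Certificate $Certificate
    # DNS names are case-insensitive, and so is -contains by default.
    return ($names -contains $ClusterFqdn.TrimEnd('.'))
}

# Constructed sample input: two throwaway self-signed certificates,
# one with the cluster FQDN as a DNS name and one with a subject only.
$fqdn  = 'mycluster.example.com'   # placeholder, not a real cluster
$store = 'Cert:\CurrentUser\My'
$withSan    = New-SelfSignedCertificate -Subject 'CN=mycluster' -DnsName $fqdn -CertStoreLocation $store
$withoutSan = New-SelfSignedCertificate -Subject 'CN=mycluster' -CertStoreLocation $store

foreach ($cert in $withSan, $withoutSan) {
    $ok = Test-ClusterCertificateSan -Certificate $cert -ClusterFqdn $fqdn
    '{0}: SAN lists {1} = {2}' -f $cert.Thumbprint, $fqdn, $ok
    # Remove the throwaway certificate from the user store again.
    Remove-Item -Path (Join-Path $store $cert.Thumbprint)
}
```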

All 2 comments

@delradie, Thanks for the feedback! We are taking a look into this and will get back to you soon.

I've validated the feedback; I'm assigning this to the author to consider adding a bullet regarding adding the FQDN for the cluster when creating a self-signed certificate.
