Certificate security

Using X.509 certificates, you can configure your Service Fabric cluster to allow only authorized clients to execute management commands. You can set up certificates for two types of clients: the admin client, which can perform administrative operations on your cluster, and the read-only client, which can perform only read operations on your cluster.

To specify the client certificate to use, you can use either the certificate thumbprint or the subject name of the certificate, which also requires the issuer thumbprint. To configure the client certificate, log on to the Management Portal and select your Service Fabric instance. Select the Security option and click on the Authentication button in the Security blade. Next, enter the details of the client certificate and allow the cluster updates to propagate:

Cluster authentication steps

Once the cluster finishes updating, you can connect to the cluster without using the cluster certificate:

    Connect-ServiceFabricCluster `
        -ConnectionEndpoint ([your cluster dns name] + ':19000') `
        -KeepAliveIntervalInSec 10 `
        -X509Credential -ServerCertThumbprint [cluster certificate thumbprint] `
        -FindType FindByThumbprint -FindValue [client certificate] `
        -StoreLocation CurrentUser -StoreName My

Note that because the preceding step provisioned the client certificate for an Admin client, any client holding this certificate has full management capabilities on the cluster.
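The same settings can be declared in the `properties` object of a `Microsoft.ServiceFabric/clusters` resource in an ARM template instead of through the portal. The fragment below is an added example, not taken from the original text; it registers one admin certificate and two read-only certificates, using both identification methods described above. Every value in angle brackets is a placeholder to replace with your own.

```json
{
  "clientCertificateThumbprints": [
    {
      "certificateThumbprint": "<ADMIN-CLIENT-CERT-THUMBPRINT>",
      "isAdmin": true
    },
    {
      "certificateThumbprint": "<READONLY-CLIENT-CERT-THUMBPRINT>",
      "isAdmin": false
    }
  ],
  "clientCertificateCommonNames": [
    {
      "certificateCommonName": "<READONLY-CLIENT-SUBJECT-NAME>",
      "certificateIssuerThumbprint": "<ISSUING-CA-CERT-THUMBPRINT>",
      "isAdmin": false
    }
  ]
}
```

Setting `isAdmin` to `false` gives monitoring tools and operators who only need to query cluster state a read-only certificate, so the admin certificate is held by fewer clients.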
