Merge pull request #42530 from rwike77/certupgrade

adding warning about sharing certs and ports

Author: PRMerger18

articles/service-fabric/service-fabric-assign-policy-to-endpoint.md

@@ -41,6 +41,11 @@ For an HTTPS endpoint, also indicate the name of the certificate to return to th
 </Policies
 ```
 
+> [!WARNING] 
+> When using HTTPS, do not use the same port and certificate for different service instances (independant of the application) deployed to the same node. Upgrading two different services using the same port in different application instances will result in an upgrade failure. For more information, see [Upgrading multiple applications with HTTPS endpoints
+](service-fabric-application-upgrade.md#upgrading-multiple-applications-with-https-endpoints).
+> 
+
 <!--Every topic should have next steps and links to the next logical set of content to keep the customer engaged-->
 For next steps, read the following articles:
 * [Understand the application model](service-fabric-application-model.md)

articles/service-fabric/service-fabric-service-manifest-resources.md

@@ -102,7 +102,11 @@ The HTTPS protocol provides server authentication and is also used for encryptin
 > [!NOTE]
 > A service’s protocol cannot be changed during application upgrade. If it is changed during upgrade, it is a breaking change.
 > 
-> 
+
+> [!WARNING] 
+> When using HTTPS, do not use the same port and certificate for different service instances (independant of the application) deployed to the same node. Upgrading two different services using the same port in different application instances will result in an upgrade failure. For more information, see [Upgrading multiple applications with HTTPS endpoints
+](service-fabric-application-upgrade.md#upgrading-multiple-applications-with-https-endpoints).
+>
 
 Here is an example ApplicationManifest that you need to set for HTTPS. The thumbprint for your certificate must be provided. The EndpointRef is a reference to EndpointResource in ServiceManifest, for which you set the HTTPS protocol. You can add more than one EndpointCertificate.  
 
@@ -151,11 +155,11 @@ For Linux clusters, the **MY** store defaults to the folder **/var/lib/sfcerts**
 
 ## Overriding Endpoints in ServiceManifest.xml
 
-In the ApplicationManifest add a ResourceOverrides section which will be a sibling to ConfigOverrides section. In this section you can specify the override for the Endpoints section in the resources section specified in the Service manifest. Overriding endpoints is supported in runtime 5.7.217/SDK 2.7.217 and higher.
+In the ApplicationManifest add a ResourceOverrides section, which will be a sibling to ConfigOverrides section. In this section, you can specify the override for the Endpoints section in the resources section specified in the Service manifest. Overriding endpoints is supported in runtime 5.7.217/SDK 2.7.217 and higher.
 
 In order to override EndPoint in ServiceManifest using ApplicationParameters change the ApplicationManifest as following:
 
-In the ServiceManifestImport section add a new section "ResourceOverrides"
+In the ServiceManifestImport section, add a new section "ResourceOverrides".
 
 ```xml
 <ServiceManifestImport>
@@ -185,13 +189,13 @@ In the Parameters add below:
   </Parameters>
 ```
 
-While deploying the application now you can pass in these values as ApplicationParameters for example:
+While deploying the application you can pass in these values as ApplicationParameters.  For example:
 
 ```powershell
 PS C:\> New-ServiceFabricApplication -ApplicationName fabric:/myapp -ApplicationTypeName "AppType" -ApplicationTypeVersion "1.0.0" -ApplicationParameter @{Port='1001'; Protocol='https'; Type='Input'; Port1='2001'; Protocol='http'}
 ```
 
-Note: If the values provide for the ApplicationParameters is empty we go back to the default value provided in the ServiceManifest for the corresponding EndPointName.
+Note: If the values provide for the ApplicationParameters is empty, we go back to the default value provided in the ServiceManifest for the corresponding EndPointName.
 
 For example: