I try to add a HTTP setting to my Azure gateway, using HTTPS protocol and click yes for use for a App service to yes, but this error show up every time i try to save.
Failed to save configuration changes to application gateway 'X-applicationgateway'. Error: BackendHttpSetting X-applicationgateway/test must reference authentication certificate. Either all BackendHttpSettings must reference authentication certificate, or none of them should.
But i dont understand the error, because when you choose yes for the option use for a App service, you can't even choose/reate a certificate.
You need to use PowerShell to create Trusted Root certificate.
Here is the documentation: https://learn.microsoft.com/en-us/azure/application-gateway/application-gateway-end-to-end-ssl-powershell#create-an-application-gateway-configuration-object
To add to this when you try to add new https setting with trusted root certificate while there is another https setting already existing without it. Try by removing existing setting and adding it again with cert.
Related
Firstly I had working custom subdomain for my appservice.
Then I bought SSL wildcard Certificate and then generated pfx file with password. Next I uploaded certificate using Upload Certificate under Private Key Certificates. Certificate has Health Status = Healthy.
Finally, under binding tab I added TLS/SSL binging for my custom domain, choosen this certificate and its type = SNI SSL. Everything seems to be fine, undet custom domain there is SSL State = Secure and SSL Binding = SNI SSL.
When I go to my website - there is no information about any certificates.
I also tried the same with Create App Service Managed Certificate - the same effect, status Healthy, but certificate does not appear on the browser.
#mateuszwdowiak It sounds like you successfully added the SSL binding.
There are two main issues that I can think of that might have proceed the unexpected results that you encountered. Firstly, it can take some time for the SSL certificates to propagate out across the web. From my experience, I've seen it take up to 3 hours. Just because the Azure portal says it's binded, does not mean it will be getting served up just yet.
Secondly, I've seen browser cache also come into play.
It's been a few days but I wanted to see if you resolved this issue. If not, can you please try re-binding your wild card cert, wait up to 3 hours, and then using a fresh browsing session, attempt to browse your site. This should resolve the matter. If not, please reply back so we can assist you further.
In one of my applications, I enabled the configuration on IIS to accept the client certificate, by enabling like the below picture. The same configuration I did on the local IIS server and it works.
but it's not working. Any configuration that I am missing..?? At least it should prompt for the Certificate.
It will prompt the client to provide a certificate only when accessing https:
You need to check whether to access the service via https.
I think you need to install the cert in cert store in current user for the browser to show up the dialog box with list of certificates
I have a cloud service and an Azure APIM instance with a self signed client cert setup on them (the cert has intended purposes of server auth and client auth).
Each API within the APIM has the client cert setup on its security. However, when I perform the call the following comes back in the trace.
"messages":["Error occured while calling backend service.","The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.","The remote certificate is invalid according to the validation procedure."
Is there anything I am missing here, searching online and cannot see anything obvious.
Yes you are correct, the option is not available in the portal to allow self-signed certificates. Here is a blogpost by Sasha Rosenbaum: http://divineops.net/enable-self-signed-certificates-in-azure-api-management-services/
Here basically you are skipping the certificate verification using "skipCertificateChainValidation" attribute.
You can create a backend entity through power shell scripts to skipcertifioc
I added a custom domain and custom certificate to my app.It seems that custom certificate is not provided when wss try to connect.
I tested http connection like https:// api.myapp.com, every thing is ok.
But if I try websocket like wss://api.myapp.com:8443, every thing is not ok.
chrome says:
failed: WebSocket opening handshake was canceled
a test tool github.com/wtmmac/websocket-tester says:
websocket.Dial wss://api.myapp.com:8443: x509: certificate is valid for *.rhcloud.com, rhcloud.com, not api.myapp.com
Is there some additional configs needed after alias-update-cert, if want to use secure websocket with custom domain?
OpenShift Online does not currently support the ability to use a Custom SSL Certificate with secure web sockets. If you would like to use wss I would suggest that you use the app-domain.rhcloud.com address that is provided for you by OpenShift.
I am attempting to add ssl to my custom domain for the windows azure websites. I have configured everything properly according to the guides, but for an unknown reason when I attempt to access my website via HTTPS, it returns with a connection denied error. the redirect still works perfectly fine with a standard HTTP request.
for reference (https://www.cryptoalias.io)
short version of method (in case I missed something):
bought a SSL cert from comodo.com
generated a .pfx from the .cer they issued to me (using iis)
uploaded .pfx to azure
verified cname: created custom domain redirect to azure
bound ssl to custom domain
configured A name redirect to the VIP azure issued me. remove cname redirect
attempt to connect to https = nothing, http works.
sorry I realize this is rather short on information, but I'm not sure what more I could provide besides the actual SSL cert.
You need to configure your cert on 2 domains: cryptoalias.io and www.cryptoalias.io. Because if you go to https://cryptoalias.io/ your cert works fine.