Azure Front Door
An Azure service that provides a cloud content delivery network with threat protection.
776 questions
Azure Front Door SSL Certificate Mismatch with IIS Backend – 502 Error
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(32, 8%, 13%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EA%3C/text%3E%3C/svg%3E)
Avinash
25
Reputation points
A customer has an application hosted on a VM running IIS, and it is using Azure Front Door (AFD). The AFD configuration uses the public IP of the VM as the host origin, with the domain name rhino.micology.com configured in DNS and pointing to the AFD endpoint. The AFD host header rhino.micology.com is used in the origin group to route traffic to the VM, where the SSL certificate is implemented.
we have a new wild card certificate; SSL validation is enabled in AFD, along with health probes. However, when attempting to browse the application, a 502 error occurs, and the AFD logs indicate an SSL certificate mismatch error. Testing with a subdomain pointing to the VM and configuring it in AFD works successfully. A solution is needed for the SSL certificate mismatch issue with the primary domain.
{count} votes
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(54.400000000000006, 71%, 15%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EGP%3C/text%3E%3C/svg%3E)
Ganesh Patapati 4,150 Reputation points Microsoft External Staff2025-03-06T12:07:25.5633333+00:00 Hi Avinash
Greetings!
The 502 error with an SSL certificate mismatch in Azure Front Door (AFD) typically indicates that the SSL certificate presented by the origin (your VM running IIS) does not match the domain name being requested
1). In IIS, check the bindings for your site:
- Open IIS Manager.
- Select your site and click on "Bindings" in the right-hand menu.
- Ensure that the binding for HTTPS is set to the correct IP address (or "All Unassigned") and that the correct SSL certificate is selected.
2). You can use tools like SSL Labs to test the SSL configuration of your VM and see if there are any issues with the certificate chain.
3). Test accessing the application directly using the public IP of the VM or the domain name
rhino.micology.comto ensure that it is reachable, and that the SSL certificate is working correctly without AFD in the middle.Meantime,
- Could you please share the VM public IP address via Private messages to troubleshoot the SSL configuration on the domain.
Can you please update us if the action plan provided by was helpful?
Should there be any follow-up questions or concerns, please let us know and we shall try to address them.
-
Ganesh Patapati 4,150 Reputation points Microsoft External Staff
2025-03-07T08:49:08.48+00:00 Hello Avinash
Greetings!
Can you please update us if the action plan provided by was helpful?
Should there be any follow-up questions or concerns, please let us know and we shall try to address them.
Sign in to comment
Sign in to answer