Azure Front Door SSL Certificate Mismatch with IIS Backend – 502 Error

Avinash 25 Reputation points
2025-03-06T09:17:34.8966667+00:00

A customer has an application hosted on a VM running IIS, and it is using Azure Front Door (AFD). The AFD configuration uses the public IP of the VM as the host origin, with the domain name rhino.micology.com configured in DNS and pointing to the AFD endpoint. The AFD host header rhino.micology.com is used in the origin group to route traffic to the VM, where the SSL certificate is implemented.

We have a new wildcard certificate; SSL validation is enabled in AFD, along with health probes. However, when attempting to browse the application, a 502 error occurs, and the AFD logs indicate an SSL certificate mismatch error. Testing with a subdomain pointing to the VM and configuring it in AFD works successfully. A solution is needed for the SSL certificate mismatch issue with the primary domain.

Azure Front Door
An Azure service that provides a cloud content delivery network with threat protection.

1 answer

  1. Ganesh Patapati 4,320 Reputation points Microsoft External Staff
    2025-03-06T12:07:25.5633333+00:00

    Hi Avinash

    Greetings!

    The 502 error with an SSL certificate mismatch in Azure Front Door (AFD) typically indicates that the SSL certificate presented by the origin (your VM running IIS) does not match the domain name being requested.

    1). In IIS, check the bindings for your site:

    • Open IIS Manager.
    • Select your site and click on "Bindings" in the right-hand menu.
    • Ensure that the binding for HTTPS is set to the correct IP address (or "All Unassigned") and that the correct SSL certificate is selected.

    2). You can use tools like SSL Labs to test the SSL configuration of your VM and see if there are any issues with the certificate chain.

    3). Test accessing the application directly using the public IP of the VM or the domain name rhino.micology.com to ensure that it is reachable, and that the SSL certificate is working correctly without AFD in the middle.

    Meantime,

    • Could you please share the VM public IP address via private message so we can troubleshoot the SSL configuration on the domain?

    Can you please update us if the action plan provided by was helpful?

    Should there be any follow-up questions or concerns, please let us know and we shall try to address them.
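
Step 3 of the answer above (testing the origin without AFD in the middle) can be scripted. This is an added example, not code from the thread or from Microsoft: it connects to the origin IP while sending the host name as SNI, runs the same chain and name validation a strict TLS client performs, and applies the rule that a wildcard covers exactly one left-most label. The function names and the IP `203.0.113.10` are placeholders chosen for illustration.

```python
import socket
import ssl

# Constructed sample: SAN list of a wildcard certificate for the page's domain.
SAMPLE_SANS = ["*.micology.com"]

def name_matches(pattern: str, host: str) -> bool:
    """RFC 6125-style match: '*' stands for exactly one left-most label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False              # wildcard never spans or drops labels
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]   # reject '*.com'-style names
    return p == h

def covering_names(sans, host):
    """Return the SAN entries that actually cover `host`."""
    return [s for s in sans if name_matches(s, host)]

def probe_origin(origin_ip: str, host: str, port: int = 443, timeout: float = 5.0):
    """Handshake with the origin IP, sending `host` as SNI, full validation on.

    Returns (True, matching SAN entries) or (False, failure reason).
    IIS picks the certificate per binding, so the SNI value decides which
    certificate comes back.
    """
    ctx = ssl.create_default_context()   # verifies chain and host name
    try:
        with socket.create_connection((origin_ip, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                cert = tls.getpeercert()
                sans = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
                return True, covering_names(sans, host)
    except ssl.SSLCertVerificationError as exc:
        return False, exc.verify_message   # e.g. a host name mismatch
    except OSError as exc:
        return False, str(exc)             # unreachable, reset, timeout

if __name__ == "__main__":
    # Placeholder IP (documentation range); replace with the VM's public IP.
    print(probe_origin("203.0.113.10", "rhino.micology.com"))
    for candidate in ("rhino.micology.com", "micology.com"):
        print(candidate, covering_names(SAMPLE_SANS, candidate))
```

A `False` result with a host name mismatch message means the HTTPS binding that answers for that SNI value is serving a certificate that does not cover the name, which is the binding to correct in IIS Manager.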

