Hello Loren
Thank you for your question.
It sounds like you’ve done the initial setup correctly, but there might be a few areas to check to ensure your Web Apps use the custom SSL certificate through the Azure Application Gateway with WAF. Here’s a detailed guide to troubleshoot and resolve the issue:
- Verify Certificate Format and Chain: Ensure that the custom SSL certificate is in PFX format and includes the entire certificate chain (root, intermediates, and leaf certificate). This is crucial for establishing trust.
- Check Listener Configuration: Confirm that the listener on your Application Gateway is configured with the custom SSL certificate. The listener should not be a Basic listener, and if it’s a multi-site listener, the host name must match the certificate CN.
- Restart Application Gateway: After updating the SSL certificate, you need to restart the Application Gateway for the changes to take effect. This can be done from the Azure portal under the Operations section.
- Update SSL Binding: If your Web App is still using the old certificate, you may need to delete the IP-based TLS/SSL binding that uses the old certificate and create a new one with the custom certificate.
- Allow Backend Servers: For end-to-end TLS, Application Gateway requires backend instances to be allowed by uploading authentication/trusted root certificates. Make sure these are correctly configured.
- Troubleshoot with Azure Diagnostics: Utilize Azure’s diagnostic tools to analyze the Application Gateway and Web App configurations. Look for any errors or warnings that could indicate misconfiguration.
- Consult Azure Documentation: Review the official Microsoft documentation for "Enabling end to end TLS on Azure Application Gateway" and "Certificates required to allow backend servers" for additional troubleshooting steps and best practices.
Regards
Jonathan
---------------------
If the answer is the correct solution, click on ‘Accept answer’ and vote politely on it. If you have additional questions about this answer, click on ‘Comment’. Note: Follow the steps in our documentation to enable email notifications if you would like to receive email notifications related to this topic.
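The checklist in the answer above, carried through as one Az PowerShell script. This is an added example and not part of Jonathan's answer or of any Microsoft documentation; every name in it is assumed (resource group `rg-web`, gateway `agw-web`, Web App `app-contoso-prod`, host name `www.contoso.com`, the PFX path, and the path of a Base64 `.cer` for the CA that issued the backend certificate), and it assumes the custom host name is already added to the Web App and that the gateway already has a backend pool pointing at the Web App. It verifies the PFX chain and host name before touching Azure, creates the multi-site HTTPS listener, configures end-to-end TLS with a trusted root certificate, restarts the gateway, re-creates the Web App SNI binding, and finishes with a backend-health check.

```powershell
#Requires -Modules Az.Network, Az.Websites, PKI
# Added example, not code from the original answer. All names below are assumptions.
$rg          = "rg-web"                            # assumed resource group
$gwName      = "agw-web"                           # assumed Application Gateway (WAF) name
$webApp      = "app-contoso-prod"                  # assumed Web App name
$hostName    = "www.contoso.com"                   # assumed custom host name; must be in the cert CN/SAN
$backendHost = "$webApp.azurewebsites.net"
$pfxPath     = "C:\certs\www-contoso-com.pfx"      # assumed PFX exported WITH the chain
$rootCerPath = "C:\certs\backend-root-ca.cer"      # assumed Base64 .cer of the backend's root CA
$pfxPass     = Read-Host -AsSecureString -Prompt "PFX password"

# 1. Certificate format and chain: fail early if the PFX has no chain or does not cover the host name.
$pfx  = Get-PfxData -FilePath $pfxPath -Password $pfxPass
$leaf = $pfx.EndEntityCertificates[0]
if ($pfx.OtherCertificates.Count -eq 0) {
    throw "PFX holds only the leaf certificate; re-export it including intermediates and root."
}
$names = @($leaf.Subject) + @($leaf.DnsNameList | ForEach-Object { $_.Unicode })
if (-not ($names | Where-Object { $_ -like "*$hostName*" })) {
    throw "Leaf certificate does not cover $hostName (subject: $($leaf.Subject))"
}
Write-Host "Leaf $($leaf.Thumbprint) ok; $($pfx.OtherCertificates.Count) chain certificate(s) present"

# 2. Listener: upload the PFX and bind it to a multi-site HTTPS listener on port 443.
$gw = Get-AzApplicationGateway -ResourceGroupName $rg -Name $gwName
$gw = Add-AzApplicationGatewaySslCertificate -ApplicationGateway $gw -Name "cert-www-contoso" `
        -CertificateFile $pfxPath -Password $pfxPass
$sslCert = Get-AzApplicationGatewaySslCertificate -ApplicationGateway $gw -Name "cert-www-contoso"
$fip  = Get-AzApplicationGatewayFrontendIPConfig -ApplicationGateway $gw |
        Where-Object { $_.PublicIPAddress } | Select-Object -First 1
$port = Get-AzApplicationGatewayFrontendPort -ApplicationGateway $gw | Where-Object Port -eq 443
if (-not $port) {
    $gw   = Add-AzApplicationGatewayFrontendPort -ApplicationGateway $gw -Name "port-443" -Port 443
    $port = Get-AzApplicationGatewayFrontendPort -ApplicationGateway $gw -Name "port-443"
}
$gw = Add-AzApplicationGatewayHttpListener -ApplicationGateway $gw -Name "lsn-https-www" -Protocol Https `
        -FrontendIPConfiguration $fip -FrontendPort $port -SslCertificate $sslCert -HostName $hostName
$listener = Get-AzApplicationGatewayHttpListener -ApplicationGateway $gw -Name "lsn-https-www"

# 3. End-to-end TLS: trust the backend's root CA, probe and forward over HTTPS with the App Service host name.
$gw = Add-AzApplicationGatewayTrustedRootCertificate -ApplicationGateway $gw -Name "root-backend" `
        -CertificateFile $rootCerPath
$root = Get-AzApplicationGatewayTrustedRootCertificate -ApplicationGateway $gw -Name "root-backend"
$gw = Add-AzApplicationGatewayProbeConfig -ApplicationGateway $gw -Name "probe-https" -Protocol Https `
        -HostName $backendHost -Path "/" -Interval 30 -Timeout 30 -UnhealthyThreshold 3
$probe = Get-AzApplicationGatewayProbeConfig -ApplicationGateway $gw -Name "probe-https"
$gw = Add-AzApplicationGatewayBackendHttpSetting -ApplicationGateway $gw -Name "bhs-https-443" -Port 443 `
        -Protocol Https -CookieBasedAffinity Disabled -TrustedRootCertificate $root `
        -HostName $backendHost -Probe $probe
$bhs  = Get-AzApplicationGatewayBackendHttpSetting -ApplicationGateway $gw -Name "bhs-https-443"
$pool = Get-AzApplicationGatewayBackendAddressPool -ApplicationGateway $gw | Select-Object -First 1  # assumed: pool already targets the Web App
$gw = Add-AzApplicationGatewayRequestRoutingRule -ApplicationGateway $gw -Name "rule-https-www" -RuleType Basic `
        -HttpListener $listener -BackendAddressPool $pool -BackendHttpSettings $bhs -Priority 100
$gw = Set-AzApplicationGateway -ApplicationGateway $gw

# 4. Restart the gateway so the new listener and certificate take effect (the answer's restart step).
Stop-AzApplicationGateway  -ApplicationGateway $gw | Out-Null
Start-AzApplicationGateway -ApplicationGateway $gw | Out-Null

# 5. Web App binding: drop the old binding for the host name and bind the same PFX as an SNI binding.
Remove-AzWebAppSSLBinding -ResourceGroupName $rg -WebAppName $webApp -Name $hostName -DeleteCertificate $false -Force -ErrorAction SilentlyContinue
$plainPass = [System.Net.NetworkCredential]::new("", $pfxPass).Password
New-AzWebAppSSLBinding -ResourceGroupName $rg -WebAppName $webApp -Name $hostName `
    -CertificateFilePath $pfxPath -CertificatePassword $plainPass -SslState SniEnabled | Out-Null

# 6. Diagnostics: backend health is the first thing to read when end-to-end TLS is misconfigured.
Get-AzApplicationGatewayBackendHealth -ResourceGroupName $rg -Name $gwName |
    Select-Object -ExpandProperty BackendAddressPools |
    ForEach-Object { $_.BackendHttpSettingsCollection.Servers | Select-Object Address, Health, HealthProbeLog }
```

Run it from an authenticated `Connect-AzAccount` session with the Az modules installed; `Get-PfxData` comes from the Windows PKI module, so the chain check in step 1 only runs on Windows PowerShell or PowerShell 7 on Windows. If step 6 reports the backend as Unhealthy with a certificate error, the usual cause is that the `.cer` uploaded as the trusted root is not the root of the chain the backend actually presents, or that the backend HTTP setting's host name does not match the Web App's certificate.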