How to enable WAF for Web Apps to respond using Application Gateway with a custom generated certificate?

Loren Oliveira 20 Reputation points
2024-06-12T14:54:24.88+00:00

I am trying to configure a WAF (Web Application Firewall) on Azure so that my Web Apps respond using the Application Gateway with a custom SSL certificate that I generated through this link: https://appgwbackendcertgenerator.azurewebsites.net/.

I followed the steps to add the certificate to the Application Gateway and configured the listeners and routing rules. However, my web applications do not seem to obey the configured SSL certificate and continue to use the default Azure certificate.

Could anyone provide a detailed tutorial or guidance on how to ensure my Web Apps use the custom SSL certificate through the Application Gateway with WAF?


Accepted answer
  1. Jonathan Pereira Castillo 12,095 Reputation points Microsoft Vendor
    2024-06-12T17:22:05.4866667+00:00

    Hello Loren

    Thank you for your question.

    It sounds like you’ve done the initial setup correctly, but there might be a few areas to check to ensure your Web Apps use the custom SSL certificate through the Azure Application Gateway with WAF. Here’s a detailed guide to troubleshoot and resolve the issue:

    1. Verify Certificate Format and Chain: Ensure that the custom SSL certificate is in PFX format and includes the entire certificate chain (root, intermediates, and leaf certificate). This is crucial for establishing trust.
    2. Check Listener Configuration: Confirm that the listener on your Application Gateway is configured with the custom SSL certificate. The listener should not be a Basic listener, and if it’s a multi-site listener, the host name must match the certificate CN.
    3. Restart Application Gateway: After updating the SSL certificate, you need to restart the Application Gateway for the changes to take effect. This can be done from the Azure portal under the Operations section.
    4. Update SSL Binding: If your Web App is still using the old certificate, you may need to delete the IP-based TLS/SSL binding that uses the old certificate and create a new one with the custom certificate.
    5. Allow Backend Servers: For end-to-end TLS, Application Gateway requires backend instances to be allowed by uploading authentication/trusted root certificates. Make sure these are correctly configured.
    6. Troubleshoot with Azure Diagnostics: Utilize Azure’s diagnostic tools to analyze the Application Gateway and Web App configurations. Look for any errors or warnings that could indicate misconfiguration.
    7. Consult Azure Documentation: Review the official Microsoft documentation for Enabling end to end TLS on Azure Application Gateway and Certificates required to allow backend servers for additional troubleshooting steps and best practices.

    Regards

    Jonathan

    ---------------------

    If the answer is the correct solution, click on ‘Accept answer’ and vote politely on it. If you have additional questions about this answer, click on ‘Comment’. Note: Follow the steps in our documentation to enable email notifications if you would like to receive email notifications related to this topic.

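A check for steps 2 and 5 of the accepted answer, as an added example that is not part of the original thread or of Microsoft's tooling: it reads gateway configuration JSON in the shape `az network application-gateway show` returns and reports listeners and HTTPS backend settings whose certificate references are missing. The sample JSON, its names and IDs, and the function `audit_gateway` are constructed for illustration.

```python
import json

# Constructed sample shaped like `az network application-gateway show` output.
# Every name and ID below is made up for illustration.
SAMPLE_GATEWAY = json.loads("""
{
  "sslCertificates": [{"name": "custom-cert", "id": "/gw/sslCertificates/custom-cert"}],
  "trustedRootCertificates": [],
  "httpListeners": [
    {"name": "https-site", "protocol": "Https", "hostName": "app.example.com",
     "sslCertificate": {"id": "/gw/sslCertificates/custom-cert"}},
    {"name": "https-broken", "protocol": "Https", "hostName": "api.example.com",
     "sslCertificate": {"id": "/gw/sslCertificates/old-cert"}},
    {"name": "plain", "protocol": "Http", "hostName": null}
  ],
  "backendHttpSettingsCollection": [
    {"name": "to-webapp", "protocol": "Https", "trustedRootCertificates": null,
     "authenticationCertificates": null}
  ]
}
""")

def audit_gateway(gw):
    """Return (component, finding) tuples for listener and backend TLS settings."""
    findings = []
    known = {c["id"].lower() for c in gw.get("sslCertificates") or []}
    for lst in gw.get("httpListeners") or []:
        name = lst["name"]
        if (lst.get("protocol") or "").lower() != "https":
            findings.append((name, "listener is not HTTPS; no certificate is served"))
            continue
        ref = ((lst.get("sslCertificate") or {}).get("id") or "").lower()
        if not ref:
            findings.append((name, "HTTPS listener has no sslCertificate reference"))
        elif ref not in known:
            findings.append((name, "sslCertificate reference not found on gateway"))
        if not (lst.get("hostName") or lst.get("hostNames")):
            findings.append((name, "Basic listener: no host name to match against the CN"))
    for bhs in gw.get("backendHttpSettingsCollection") or []:
        if (bhs.get("protocol") or "").lower() != "https":
            continue  # end-to-end TLS only applies to HTTPS backend settings
        if not (bhs.get("trustedRootCertificates") or bhs.get("authenticationCertificates")):
            findings.append((bhs["name"], "HTTPS backend setting has no trusted root "
                             "or authentication certificate attached"))
    return findings

if __name__ == "__main__":
    for component, finding in audit_gateway(SAMPLE_GATEWAY):
        print(f"{component}: {finding}")
```

The configuration does not expose the certificate's CN in readable form, so the host names of multi-site listeners still have to be compared against the certificate by hand.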

2 additional answers
  1. Jonathan Pereira Castillo 12,095 Reputation points Microsoft Vendor
    2024-06-27T20:23:37.0133333+00:00

    Hello Loren Oliveira,

    The purpose of this message is to check on the information provided. If you have any further updates on this matter, please do not hesitate to reply in this same thread.

    Regards

    Jonathan

    -----------

    If the answer is the correct solution, click on "Accept answer" and vote politely on it. If you have additional questions about this answer, click on "Comment". Note: Follow the steps in our documentation to enable email notifications if you would like to receive email notifications related to this topic.

  2. Jonathan Pereira Castillo 12,095 Reputation points Microsoft Vendor
    2024-06-28T14:19:32.76+00:00

    Hi Loren Oliveira

    I sincerely appreciate having had the opportunity to help you. It is gratifying to know that the information I provided was correct.

    Regards

    Jonathan