HTTPS is not working on Application gateway connected with web app

  • Question

  • I tried to enable HTTPS end to end. It's not working. 

    I uploaded my certificate to Key Vault and used the same one in the web app. I uploaded the pfx file in the app gateway listener.

    Sunday, May 31, 2020 5:28 AM

All replies

  • Hi,

    Can you provide some more details?

    As far as I understand, you have an Application Gateway deployed. This has a configured listener with an app service as backend pool? (Are you using HTTP or HTTPS for this?)

    Where are you facing your issue? When calling the listener URL?

    Is the health probe healthy (metrics)?

    Thanks

    Julian

    Sunday, May 31, 2020 6:49 AM
  • Hi,

    I want end-to-end HTTPS. Client => App Gateway => Web app (backend pool)

    Configuration:

    1) Web app : 

        1) TLS/SSL Settings : Clicked on private key certificate => Imported from key vault certificate 

         certificate status showing healthy

    2) Application Gateway

         1) Listener : added both http and https. For https added pfx certificate file

    Now when I put in my URL https://somappaweb.co.in, it says it can't be reached. I want HTTPS to be enabled first in the app gateway and also HTTPS communication through the backend pool.

    Backend health status is healthy for 443.

    • Edited by Somappa Sunday, May 31, 2020 11:55 AM
    Sunday, May 31, 2020 11:50 AM
  • Your "listener" should look similar to this:

    - Frontend IP (Public or Private)
    - Port (443)
    - Protocol (HTTPS)
    - Choose a certificate (your certificate here (private key and public key))
    - Listener type (based on your needs)

    Behind the listener you have the "rule".
    Which either redirects or has a backend configured (properly backend)

    The rule references the backend and http settings. 

    HTTP Setting:
    - Backend protocol (HTTPS)
    - Port 443 (or whatever backend port you have)
    - Use well known CA (depends on your backend certificate; if you have a self-signed or custom CA cert, then you need to import the CA Public Key)
    - Cookie-based affinity (based on your needs)
    - overwrite hostname (depending on your need)
    - custom probe (if needed)

    Backend Pool is quite straightforward.

    Hope this helps

    Wednesday, June 3, 2020 6:47 AM
  • Also, please review this doc for additional considerations, in particular the backend settings that differ between the V1 and V2 SKU.
    Thursday, June 4, 2020 12:43 AM
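
The listener, rule and HTTP setting checklist from the reply above, written as a check over an exported gateway configuration. This is an added example, not code from the thread or from Microsoft. It assumes JSON shaped like the output of `az network application-gateway show`; the function names, resource names and the sample gateway are constructed for illustration.

```python
# Added example: lint an Application Gateway config for end-to-end HTTPS.
def _name(ref):
    return ref["id"].rsplit("/", 1)[-1] if ref else None  # last id segment

def check_end_to_end_https(gw, backend_uses_well_known_ca=True):
    """Return one finding per routing-rule leg that is not protected by TLS."""
    listeners = {l["name"]: l for l in gw.get("httpListeners", [])}
    settings = {s["name"]: s for s in gw.get("backendHttpSettingsCollection", [])}
    findings = []
    for rule in gw.get("requestRoutingRules", []):
        lst = listeners[_name(rule["httpListener"])]
        redirect = bool(rule.get("redirectConfiguration"))
        if lst.get("protocol", "").lower() != "https":
            if not redirect:  # plain HTTP is acceptable only as a redirect
                findings.append(f"{rule['name']}: HTTP listener serves content, no redirect")
            continue
        if not lst.get("sslCertificate"):
            findings.append(f"{rule['name']}: HTTPS listener has no certificate")
        if redirect:
            continue
        hs = settings.get(_name(rule.get("backendHttpSettings")))
        if hs is None:
            findings.append(f"{rule['name']}: no HTTP setting attached")
            continue
        if hs.get("protocol", "").lower() != "https":
            findings.append(f"{rule['name']}: backend protocol is {hs.get('protocol')}")
        # V2 SKU uses trustedRootCertificates, V1 uses authenticationCertificates
        roots = hs.get("trustedRootCertificates") or hs.get("authenticationCertificates")
        if not backend_uses_well_known_ca and not roots:
            findings.append(f"{rule['name']}: custom CA backend, no CA certificate imported")
    return findings

def _ref(kind, name):  # constructed sub-resource id with a placeholder path
    return {"id": f"/placeholder/{kind}/{name}"}

SAMPLE_GATEWAY = {  # constructed sample, not a real deployment
    "httpListeners": [
        {"name": "l-http", "protocol": "Http"},
        {"name": "l-https", "protocol": "Https",
         "sslCertificate": _ref("sslCertificates", "site-pfx")}],
    "backendHttpSettingsCollection": [{"name": "to-webapp", "protocol": "Http", "port": 80}],
    "requestRoutingRules": [
        {"name": "rule-http", "httpListener": _ref("httpListeners", "l-http"),
         "backendHttpSettings": _ref("backendHttpSettingsCollection", "to-webapp")},
        {"name": "rule-https", "httpListener": _ref("httpListeners", "l-https"),
         "backendHttpSettings": _ref("backendHttpSettingsCollection", "to-webapp")}],
}

if __name__ == "__main__":
    print(*check_end_to_end_https(SAMPLE_GATEWAY), sep="\n")
```

An empty result means every rule either redirects to HTTPS or terminates TLS at the listener and re-encrypts to the backend pool.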