0
votes

In our scenario, we are providing a SaaS platform which automatically creates a customer-specific Traffic Manager (xxxx.trafficmanager.net) each time a customer onboards to our platform. The Traffic Manager will point to App Services across regions. The problem is that if a customer calls the Traffic Manager over HTTPS, a certificate warning is shown. I know we can bind the cert to each customer's Traffic Manager and upload the cert to Azure. But since the Traffic Manager is created automatically at runtime, how can we automatically get a cert and bind it to xxx.trafficmanager.net?

1 Answer

0
votes

Traffic Manager works at the DNS level. It sends DNS responses to direct clients to the appropriate service endpoint. Clients then connect to the service endpoint directly, not through Traffic Manager. You will bind your cert to the endpoint, not Traffic Manager. If the endpoint is an Azure Web App, you can use the CLI or PowerShell to bind the cert.

Therefore, Traffic Manager does not provide an endpoint or IP address for clients to connect to.

Traffic Manager supports probing over HTTPS. Configure HTTPS as the protocol in the monitoring configuration.

Traffic Manager cannot provide any certificate validation, including:

  • Server-side certificates are not validated
  • SNI server-side certificates are not supported
  • Client certificates are not supported
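
Because clients connect straight to whichever regional endpoint the DNS answer names, every Web App behind the profile needs the certificate. The sketch below is an added example, not part of the original answer: it uploads one PFX and binds it with SNI on each app using the Azure CLI. The function name, resource group, app names and PFX path are placeholders, and it assumes the certificate covers the hostname clients use and that this hostname is already configured on each app.

```bash
#!/usr/bin/env bash
# Added example: bind one certificate on every Web App endpoint behind a
# Traffic Manager profile. All names passed in are placeholders (assumptions).

bind_cert_on_endpoints() {
  # Args: RESOURCE_GROUP PFX_FILE PFX_PASSWORD APP [APP...]
  local rg="$1"
  local pfx="$2"
  local pfx_pass="$3"
  local app thumb
  shift 3
  if [ "$#" -eq 0 ]; then
    echo "usage: bind_cert_on_endpoints RG PFX PASSWORD APP [APP...]" >&2
    return 2
  fi
  for app in "$@"; do
    # Upload the PFX to this app; the CLI returns the certificate thumbprint.
    thumb="$(az webapp config ssl upload \
      --resource-group "$rg" --name "$app" \
      --certificate-file "$pfx" --certificate-password "$pfx_pass" \
      --query thumbprint --output tsv)" \
      || { echo "upload failed: $app" >&2; return 1; }
    if [ -z "$thumb" ]; then
      echo "no thumbprint returned: $app" >&2
      return 1
    fi
    # Bind the uploaded certificate using an SNI-based TLS binding.
    az webapp config ssl bind \
      --resource-group "$rg" --name "$app" \
      --certificate-thumbprint "$thumb" --ssl-type SNI >/dev/null \
      || { echo "bind failed: $app" >&2; return 1; }
    # Report which app received which certificate.
    echo "$app $thumb"
  done
}

# Example call (placeholder values):
# bind_cert_on_endpoints my-rg ./customer.pfx "$PFX_PASSWORD" app-westeurope app-eastus
```

Stopping at the first failure is deliberate: a partially bound set of endpoints means some DNS answers lead to a certificate warning and others do not, which is harder to diagnose than a clean failure.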