0
votes

I'm configuring Azure Application Gateway to serve internally on Azure Vnet private IP, I've assigned private DNS name like my-gateway.private, now I want to configure SSL to server https requests internally. Is it possible to generate certificate for private domain in Azure? Considering self signed one will not work good, because I can't turn off root certificate / trusted CA verification on client side.

1

1 Answers

0
votes

Firstly, you have not mentioned whether what is the type of back-end. Is it a server pool or app-service ? As per my understanding you are having VMs to as backend servers. You would have more options with Azure App services compared to Azure VMs.

Further, application gateway does not provide any capability to create a new certificate or send a certificate request to a certification authority.

Application gateway supports the following types of certificates:

  • CA (Certificate Authority) certificate: A CA certificate is a digital certificate issued by a certificate authority (CA)
  • EV (Extended Validation) certificate: An EV certificate is a certificate that conforms to industry standard certificate guidelines. This will turn the browser locator bar green and publish the company name as well.
  • Wildcard Certificate: This certificate supports any number of subdomains based on *.site.com, where your subdomain would replace the *
  • Self-Signed certificates: Client browsers do not trust these certificates and will warn the user that the virtual service’s certificate is not part of a trust chain. Self-signed certificates are good for testing or environments where administrators control the clients and can safely bypass the browser’s security alerts. Production workloads should never use self-signed certificates.

For more information : https://docs.microsoft.com/en-us/azure/application-gateway/ssl-overview