Azure AD App Proxy - Ignore SSL Errors on Internal WebApp

Sivasubramaniam Sivakumar 1 Reputation point
2022-11-17T11:49:25.307+00:00

I am trying out Azure AD App Proxy to connect to an on-prem web app. The web app has an invalid SSL certificate that is not in my control to change. I have deployed Azure AD App Proxy app and connector correctly, but I finally get the following error -

BadGateway: This corporate app can't be accessed.
Next Steps: One or more errors were found in the Secure Sockets Layer (SSL) certificate sent by the server.

I am assuming this is because of the invalid SSL certificate on the on-prem web app. Is it possible to configure the proxy connector to ignore this SSL error?

Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.

1 answer

  1. Akshay-MSFT 15,856 Reputation points Microsoft Employee
    2022-11-27T16:24:27.85+00:00

    Hello @Sivasubramaniam Sivakumar ,

    Thanks for your time and patience. I was able to test this through in my lab. Here are the possible scenarios I tested.

    • The Azure application proxy could not bypass the error caused by the invalid SSL certificate bound to the application. Any communication happening via port 443 (due to SSL binding), regardless of happening with or without AAD proxy in place. To find if the issue is due to SSL or application proxy, please validate the Azure application proxy connector logs.
    • The error message you shared seems to be a generic one which could be seen when Azure AD app proxy is not configured, connector is not updated, service is not running or the AAD application proxy connector server is not running.

    For details on this please try the following:

    • Configure the web application without IIS binding i.e. port 80

    • See if the application is accessible without any issues on private network.

    Please do let me know if you have any further queries.

    Thanks,
    Akshay Kaushik

    Please "Accept the answer", "Upvote" and rate your experience if the suggestion works as per your business need. This will help us and others in the community as well.
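
To see which certificate errors the internal web app presents when it is reached from the connector server, the check below records the TLS validation result for the backend. It is an added example, not part of the original answer or of Microsoft's tooling; the function name `Test-BackendCertificate` and the URL `https://app.internal.example/` are hypothetical placeholders.

```powershell
# Added example. Run on the connector server against the app's internal URL.
function Test-BackendCertificate {
    param([Parameter(Mandatory)][uri]$Uri)

    $report = [ordered]@{
        Target       = "$($Uri.Host):$($Uri.Port)"
        Subject      = $null
        NotAfter     = $null
        PolicyErrors = $null
        ChainStatus  = @()
    }

    # The callback only records what validation found. It returns $true so the
    # handshake completes for inspection; no application data is sent.
    $callback = [System.Net.Security.RemoteCertificateValidationCallback]({
        param($source, $cert, $chain, $policyErrors)
        $report.PolicyErrors = $policyErrors.ToString()
        if ($cert) {
            $cert2 = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($cert)
            $report.Subject  = $cert2.Subject
            $report.NotAfter = $cert2.NotAfter
        }
        if ($chain) {
            # Examples: UntrustedRoot, NotTimeValid, PartialChain
            $report.ChainStatus = @($chain.ChainStatus | ForEach-Object { "$($_.Status)" })
        }
        $true
    }.GetNewClosure())

    $client = [System.Net.Sockets.TcpClient]::new($Uri.Host, $Uri.Port)
    try {
        $ssl = [System.Net.Security.SslStream]::new($client.GetStream(), $false, $callback)
        try {
            # Passing the host name enables the name-mismatch check.
            $ssl.AuthenticateAsClient($Uri.Host)
        } finally {
            $ssl.Dispose()
        }
    } finally {
        $client.Dispose()
    }
    [pscustomobject]$report
}

# Placeholder URL: replace with the internal URL configured for the app.
Test-BackendCertificate -Uri 'https://app.internal.example/' | Format-List
```

A `PolicyErrors` value of `RemoteCertificateNameMismatch` points to a host name that does not match the certificate, while `RemoteCertificateChainErrors` together with the `ChainStatus` entries points to a trust or validity problem on the server that runs the connector.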
