TLS using Application gateway

trupti g 1 Reputation point
2020-08-06T19:02:11.597+00:00

currently have a listener on our application gateway configured for http request on port 90 and associated with the HTTP setting(Appgateway_httpsettings1)configured to route requests to the backend server on port 90. However, I would like to change the same configuration to Https using SSL certificate.but ssl certificate port number 443 and webapp with port 90.setting to backend port to 443 (ssl), How it is going to work for our web application with port 90.if possible Kindly let me know the detail step and how to configure the same

Azure Application Gateway
Azure Application Gateway
An Azure service that provides a platform-managed, scalable, and highly available application delivery controller as a service.
1,079 questions
Azure App Service
Azure App Service
Azure App Service is a service used to create and deploy scalable, mission-critical web apps.
7,901 questions
0 comments No comments
{count} votes

1 answer

Sort by: Most helpful
  1. GitaraniSharma-MSFT 49,581 Reputation points Microsoft Employee
    2020-08-07T12:16:29.713+00:00

    Hello @trupti g ,

    I am assuming the current Application gateway configuration that you have is using custom port 90 for both listener and backend http settings. And you are using HTTP protocol throughout, however would like to use HTTPS instead.

    To configure TLS termination, a TLS/SSL certificate is required to be added to the listener.
    To configure End-to-end TLS, SSL certificates are required to be added to both the listener and backend HTTP settings.

    Not sure if you want to achieve SSL termination or end to end SSL but here are the steps:

    1) Create a Basic/Multi-site Listener (depending on the number of sites you have) with HTTPS endpoint with port 90 (if you would like the App GW to receive all requests on this port) or 443 (if custom port is not required for the incoming request) and upload a certificate and give the Hostname (in case of Multi-site listener).
    2) Create backend HTTP settings and make sure you define the backend port 90 and choose HTTPS for end to end SSL or HTTP for SSL termination. If you select HTTPS, you do not need to upload any authentication certificate or trusted root certificate to allow the app service backend since app service is a trusted Azure service.
    Please refer : https://learn.microsoft.com/en-us/azure/application-gateway/configure-web-app-portal
    But if the backend server is not an App service or a trusted Azure service, then you would need to upload the authentication certificate or trusted root certificate based on your Application gateway SKU.
    Please refer : https://learn.microsoft.com/en-us/azure/application-gateway/end-to-end-ssl-portal
    3) Make sure your backend server in backend pool run services on port 90.
    4) Create rules with corresponding Listener and HTTP settings and backend pool.

    Kindly let us know if the above helps or you need further assistance on this issue.


    Please don’t forget to "Accept the answer" wherever the information provided helps you, this can be beneficial to other community members.


Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.