Azure Front-Door: Backend Pool SSL Validation with Hostname or HostHeader

Amit Jaiswal 266 Reputation points


In the backendpool of azure front-door, if I use Custom Host as a backend.
And backend hostname =
and backend hostheader =

Then, SSL Validation will happen with backendhostname or backend hostheader ?
Do I need to add both backendhostname and backendhostheadr as SAN in my SSL certificate ?

I am using App gateway (Multisite) as the backend here.

this link is not giving clear explanation-

Please guide

Azure Front Door
Azure Front Door
An Azure service that provides a cloud content delivery network with threat protection.
386 questions
{count} votes

1 answer

Sort by: Most helpful
  1. Anisio Moreira 1 Reputation point

    Hi, @ChaitanyaNaykodi-MSFT

    If validation is done by hostname and not by hostheader, what is the function of the hostheader?

    I have an application in production today where access is done without AzureFD by the url and I need to put AzureFD to protect it. My idea is to set up a Origin in AzureFD by pointing the hostname to and the hostheader as, then in public DNS it would direct the record to AzureFD. This way I don't need to interact with the application.

    0 comments No comments