How SSL can be configured for Azure Traffic Manager

Venkata Sai Kalyan 0 Reputation points
2023-01-17T12:34:37.9333333+00:00

Hi Team,

We are going to use Azure Traffic Manager for our Prod and DR environments, and we use a public domain for the custom URL. How can we use the HTTPS protocol from Traffic Manager, where can we configure SSL in Traffic Manager, and how will SSL offloading work in Traffic Manager?

Azure Traffic Manager
An Azure service that is used to route incoming network traffic for high performance and availability.

1 answer

  1. GitaraniSharma-MSFT 45,501 Reputation points Microsoft Employee
    2023-01-17T14:08:18.5433333+00:00

    Hello @Venkata Sai Kalyan,

    Welcome to Microsoft Q&A Platform. Thank you for reaching out & hope you are doing well.

    I understand that you would like to know whether you can use the HTTPS protocol from Traffic Manager, where you can configure SSL in Traffic Manager, and how SSL offloading will work in Traffic Manager.

    As explained in How Traffic Manager Works, Traffic Manager works at the DNS level. Once the DNS lookup is complete, clients connect to the application endpoint directly, not through Traffic Manager. Therefore, the connection can use any application protocol.

    Traffic Manager supports probing over HTTPS. You can configure HTTPS as the protocol in the monitoring configuration.

    Refer: https://learn.microsoft.com/en-us/azure/traffic-manager/traffic-manager-overview

    However, Traffic Manager can’t provide any certificate validation, including:

    Server-side certificates aren’t validated.
    SNI server-side certificates aren’t validated.
    Client certificates aren’t supported.

    HTTPS monitoring in Traffic Manager doesn't verify whether your TLS/SSL certificate is valid. It only checks that the certificate is present.

    Traffic Manager is not a proxy or a gateway. Traffic Manager does not see the traffic passing between the client and the service.

    So, Traffic Manager doesn't support SSL offloading.

    If your requirement is SSL offloading, you can go with the layer-7 load balancers below, which only accept HTTP(S) traffic:

    Application Gateway - Regional load balancer

    Azure Front Door - Global load balancer

    These layer 7 load balancers are intended for web applications or other HTTP(S) endpoints. They include features such as SSL offload, web application firewall, path-based load balancing, and session affinity.

    Refer: https://learn.microsoft.com/en-us/azure/architecture/guide/technology-choices/load-balancing-overview

    https://learn.microsoft.com/en-us/azure/application-gateway/ssl-overview

    https://learn.microsoft.com/en-us/azure/frontdoor/end-to-end-tls

    Kindly let us know if the above helps or you need further assistance on this issue.


    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.

    2 people found this answer helpful.
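Added example, not part of the original answer and not Microsoft's code: because Traffic Manager's HTTPS probe only checks that a certificate is present, this Python sketch audits the certificate an endpoint presents for the custom domain (name coverage and expiry). `fetch_cert` connects to one endpoint directly with the custom domain as SNI; the endpoint FQDN you pass it, `www.example.com`, and the sample certificates are assumptions constructed for illustration.

```python
import socket
import ssl
from datetime import datetime, timezone

def fetch_cert(endpoint_host, sni_name, port=443, timeout=5.0):
    """Connect to one endpoint directly, presenting the custom domain as SNI.
    The default context verifies chain and hostname against sni_name and
    raises ssl.SSLCertVerificationError on failure."""
    ctx = ssl.create_default_context()
    with socket.create_connection((endpoint_host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=sni_name) as tls:
            return tls.getpeercert()

def san_covers(cert, hostname):
    """True if a DNS subjectAltName matches (exact, or one-label wildcard)."""
    host = hostname.lower().rstrip(".")
    for kind, value in cert.get("subjectAltName", ()):
        name = value.lower()
        wildcard = (name.startswith("*.") and "." in host
                    and host.partition(".")[2] == name[2:])
        if kind == "DNS" and (name == host or wildcard):
            return True
    return False

def audit(cert, custom_domain, min_days=30, now=None):
    """Return findings for a certificate dict as produced by getpeercert()."""
    now = now or datetime.now(timezone.utc)
    expires = datetime.fromtimestamp(
        ssl.cert_time_to_seconds(cert["notAfter"]), timezone.utc)
    remaining = (expires - now).days
    findings = []
    if not san_covers(cert, custom_domain):
        findings.append("name-mismatch")
    if remaining < 0:
        findings.append("expired")
    elif remaining < min_days:
        findings.append("expires-soon")
    return findings

# Constructed sample certificates (not real data), shaped like getpeercert() output.
SAMPLE_PROD = {"subjectAltName": (("DNS", "www.example.com"),),
               "notAfter": "Jan 15 00:00:00 2025 GMT"}
SAMPLE_DR = {"subjectAltName": (("DNS", "*.dr.example.net"),),
             "notAfter": "Dec  1 00:00:00 2024 GMT"}

if __name__ == "__main__":
    fixed = datetime(2025, 1, 1, tzinfo=timezone.utc)
    for label, cert in (("prod", SAMPLE_PROD), ("dr", SAMPLE_DR)):
        print(label, audit(cert, "www.example.com", now=fixed))
```

Against live endpoints, run `audit(fetch_cert(endpoint_fqdn, custom_domain), custom_domain)` for each Prod and DR endpoint on a schedule, and treat a raised `ssl.SSLCertVerificationError` as a failed check.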