Hello @Ashwani Jaiswal,
Welcome to Microsoft Q&A Platform. Thank you for reaching out & hope you are doing well.
I understand that you have added a custom domain and SSL certificate to your Power Page site through the Power Platform admin site, created the binding, and validation was successful. This site is hosted behind Azure CDN, and when browsing to this site through the custom URL, it shows an SSL warning as it's insecure, and the SSL says that the certificate for "*.azureedge.net" doesn't match the domain in the URL.
I'm not sure if you have added the custom domain and the SSL certificate to the Azure CDN endpoint but below is the process to get it done.
The endpoint name in your CDN profile is a subdomain of azureedge.net. Azure CDN provides the option of associating a custom domain with a CDN endpoint. This option delivers content with a custom domain in your URL instead of the default domain (azureedge.net).
To add a custom domain to your Azure CDN endpoint, follow the doc below:
Now, to ensure your sensitive data is delivered securely via TLS/SSL, you can enable HTTPS protocol on your custom domain (for example, https://www.contoso.com). When your web browser is connected via HTTPS, the browser validates the web site’s certificate. The browser verifies it’s issued by a legitimate certificate authority. This process provides security and protects your web applications from attacks.
Azure CDN supports HTTPS on a CDN endpoint hostname, by default. For example, if you create a CDN endpoint (such as https://contoso.azureedge.net), HTTPS is automatically enabled for "azureedge.net".
But if you want to enable HTTPS on an Azure CDN custom domain, you need to follow the process provided in the below doc:
Some of the key attributes of the custom HTTPS feature on Azure CDN are:
- No extra cost: There aren't costs for certificate acquisition or renewal and no extra cost for HTTPS traffic. You pay only for GB egress from the CDN.
- Simple enablement: One-click provisioning is available from the Azure portal. You can also use REST API or other developer tools to enable the feature.
- Complete certificate management is available:
  - All certificate procurement and management is handled for you.
  - Certificates are automatically provisioned and renewed before expiration.
To enable HTTPS on an Azure CDN custom domain, you use a TLS/SSL certificate. You can choose to use a certificate that is managed by Azure CDN or use your own certificate.
NOTE: Enabling HTTPS with your own certificate or BYOC option is available only with Azure CDN from Microsoft and Azure CDN from Verizon profiles. This process is done through an integration with Azure Key Vault, which allows you to store your certificates securely. And the certificate must have a complete certificate chain with leaf and intermediate certificates, and root CA must be part of the Microsoft Trusted CA List.
Once you enable HTTPS on your Azure CDN custom domain with a managed/BYOC certificate and access your custom domain URL, the browser should be able to verify the certificate properly.
If the above configurations are already done by you on your Azure CDN endpoint, then please share the below details for further discussion:
- Which Azure CDN product you are using (Azure CDN Standard from Microsoft/ Azure CDN Standard from Akamai/Azure CDN Standard from Verizon/Azure CDN Premium from Verizon)?
- Are you using your own certificate on Azure CDN to enable the HTTPS feature? If yes, does the certificate have a complete certificate chain with leaf and intermediate certificates and root CA? And is it a part of Microsoft Trusted CA list?
Kindly let us know if the above helps or you need further assistance on this issue.
Please "Accept the answer" if the information helped you. This will help us and others in the community as well.
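
The following is an added example, not part of the original answer or of any Microsoft tooling: a small Python check that reproduces the browser's name comparison, so you can confirm whether the edge is still serving the default `*.azureedge.net` certificate for a custom domain. The function names and the sample hostnames are assumptions made for illustration.

```python
import socket
import ssl


def san_matches(hostname: str, san: str) -> bool:
    """RFC 6125-style match: '*' is honoured only as the whole leftmost
    label and stands for exactly one label."""
    host = hostname.lower().rstrip(".").split(".")
    pattern = san.lower().rstrip(".").split(".")
    if len(host) != len(pattern):
        return False
    if pattern[0] == "*":
        # Require at least two fixed labels after the wildcard.
        return len(pattern) >= 3 and host[1:] == pattern[1:]
    return host == pattern


def diagnose(hostname: str, sans: list[str]) -> str:
    """Classify the certificate names presented for `hostname`."""
    if any(san_matches(hostname, s) for s in sans):
        return "ok"
    if any(s.lower().endswith(".azureedge.net") for s in sans):
        # Default endpoint certificate: custom-domain HTTPS is likely
        # not enabled (or not yet propagated) on the CDN endpoint.
        return "default-endpoint-certificate"
    return "name-mismatch"


def fetch_sans(hostname: str, port: int = 443, timeout: float = 5.0) -> list[str]:
    """Return the DNS SANs of the certificate served for `hostname` (needs network)."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False  # chain is still verified; the name is checked above
    with socket.create_connection((hostname, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=hostname) as tls:
            cert = tls.getpeercert()
    return [value for kind, value in cert.get("subjectAltName", ()) if kind == "DNS"]


if __name__ == "__main__":
    # Constructed sample data, not captured from a real endpoint.
    print(diagnose("www.contoso.com", ["*.azureedge.net"]))
    print(diagnose("www.contoso.com", ["www.contoso.com"]))
    print(diagnose("contoso.azureedge.net", ["*.azureedge.net"]))
```

Against a live site, pass the result of `fetch_sans("your-custom-domain")` to `diagnose`; a `default-endpoint-certificate` result means the custom-domain HTTPS step on the CDN endpoint still needs to be completed.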