You need to create a routing rule for HTTPS, and upload a certificate to the Azure Application Gateway.
Unable to access web app via app gateway
Hello,
Unable to access web app via app gateway. Able to access web app directly, so it's working OK. Also, backend health shows all healthy. Don't know why it's giving SSL_Error. Any help would be appreciated.
Other backend which is pointing to a VM on 8080 works fine.
The URL gets changed to "<app_service_url>:80"
Thanks
Azure Application Gateway
Azure Static Web Apps
4 answers
-
Luke Murray 11,436 Reputation points MVP Volunteer Moderator
2023-05-14T19:53:39.34+00:00 -
Konstantinos Passadis 19,586 Reputation points MVP
2023-05-14T20:04:56.78+00:00 Hello @Salman Ahmad !
Welcome to Microsoft QnA!
For Application Gateway to work correctly you need
- A Routing rule, as @Luke Murray already said, that will instruct the APPGW where to send requests for the Http Listener.
- The Certificate you use on the WEB SERVER must be uploaded into the APPGW
Read through these links
I hope this helps!
Kindly mark the answer as Accepted and Upvote in case it helped!
Regards
-
Konstantinos Passadis 19,586 Reputation points MVP
2023-05-14T20:37:26.2933333+00:00 Hello @Salman Ahmad !
Have a look here :
And here :
Frontend port
Associate a frontend port. You can select an existing port or create a new one. Choose any value from the allowed range of ports. You can use not only well-known ports, such as 80 and 443, but any allowed custom port that's suitable. The same port can be used for public and private listeners (Preview feature).
Note
When using private and public listeners with the same port number, your application gateway changes the "destination" of the inbound flow to the frontend IPs of your gateway. Hence, depending on your Network Security Group's configuration, you may need an inbound rule with Destination IP addresses as your application gateway's public and private frontend IPs.
Inbound Rule:
- Source: (as per your requirement)
- Destination IP addresses: Public and Private frontend IPs of your application gateway.
- Destination Port: (as per listener configuration)
- Protocol: TCP
Outbound Rule: (no specific requirement)
Protocol
Choose HTTP or HTTPS:
If you choose HTTP, the traffic between the client and the application gateway is unencrypted.
Choose HTTPS if you want TLS termination or end-to-end TLS encryption. The traffic between the client and the application gateway is encrypted and the TLS connection will be terminated at the application gateway. If you want end-to-end TLS encryption to the backend target, you must choose HTTPS within backend HTTP setting as well. This ensures that traffic is encrypted when application gateway initiates a connection to the backend target.
To configure TLS termination, a TLS/SSL certificate must be added to the listener. This allows the Application Gateway to decrypt incoming traffic and encrypt response traffic to the client. The certificate provided to the Application Gateway must be in Personal Information Exchange (PFX) format, which contains both the private and public keys.
Note
When using a TLS certificate from Key Vault for a listener, you must ensure your Application Gateway always has access to that linked key vault resource and the certificate object within it. This enables seamless operations of TLS termination feature and maintains the overall health of your gateway resource. If an application gateway resource detects a misconfigured key vault, it automatically puts the associated HTTPS listener(s) in a disabled state.
I hope this helps!
Kindly mark the answer as Accepted and Upvote in case it helped!
Regards
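The certificate upload, HTTPS listener and routing rule described in the answers above, written out as Azure CLI calls. This is an added example, not part of the thread and not the setting the original poster ended up changing. The resource names, the PFX path and the existing backend pool and HTTP settings are assumed placeholders; by default the script only prints the commands, with the PFX password masked.

```shell
#!/usr/bin/env bash
# Added example: TLS termination on an existing Application Gateway.
# Every name below is an assumed placeholder; override via environment.
RG="${RG:-example-rg}"
GW="${GW:-example-appgw}"
PFX="${PFX:-./site.pfx}"                 # PFX holding certificate + private key
POOL="${POOL:-webapp-pool}"              # assumed to exist already
SETTINGS="${SETTINGS:-webapp-settings}"  # assumed to exist; use HTTPS here for end-to-end TLS
APPLY="${APPLY:-0}"                      # 0 = print the commands, 1 = run them

# Run az, or print the command line with the PFX password masked so it
# never lands in terminal scrollback or CI logs.
run() {
  if [ "$APPLY" = "1" ]; then
    az "$@"
    return
  fi
  printf 'az'
  mask=0
  for a in "$@"; do
    if [ "$mask" = "1" ]; then
      a='***'; mask=0
    elif [ "$a" = "--cert-password" ]; then
      mask=1
    fi
    printf ' %s' "$a"
  done
  printf '\n'
}

configure_https() {
  # 1. Upload the PFX; the password is read from $PFX_PASSWORD, not hard-coded.
  run network application-gateway ssl-cert create -g "$RG" --gateway-name "$GW" \
    -n site-cert --cert-file "$PFX" --cert-password "${PFX_PASSWORD:-}"
  # 2. Frontend port for the HTTPS listener.
  run network application-gateway frontend-port create -g "$RG" --gateway-name "$GW" \
    -n port-443 --port 443
  # 3. Listener bound to that port and certificate.
  run network application-gateway http-listener create -g "$RG" --gateway-name "$GW" \
    -n https-listener --frontend-port port-443 --ssl-cert site-cert
  # 4. Routing rule sending the listener's traffic to the backend pool.
  run network application-gateway rule create -g "$RG" --gateway-name "$GW" \
    -n https-rule --rule-type Basic --priority 100 \
    --http-listener https-listener --address-pool "$POOL" --http-settings "$SETTINGS"
}

configure_https
```

Set `APPLY=1` and export `PFX_PASSWORD` to run the commands against a real gateway.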
-
Salman Ahmad 0 Reputation points
2023-05-16T12:26:10.48+00:00 Thanks for all your input. Issue is resolved now. All it needed was this simple setting