TLS Inspection causes error when used with internal web server: "Error message 'x509: certificate signed by an unknown authority' displayed when using TLS Inspection with internal web server"
Question: When attempting to connect to a private, internal web server with a private certificate (signed by our internal CA) through a rule with TLS Inspection enabled, the browser displays the error message 'x509: certificate signed by an unknown authority.' The issue is specific to internal websites within my client's organization, as external websites work fine under TLS Inspection. The client's certificate appears valid and has a proper path back to our Root CA. Can you provide guidance on resolving this error?
The problem appears to be the Azure Firewall (TLS Inspection App Proxy) doesn't trust the Internal CA. It is not immediately obvious how to add your organization's PKI Root and Intermediates to the Firewall Policy to fix this.