Share via

SSL Application Gateway

Mohamed jihad bayali 1,136 Reputation points
2023-08-04T09:38:42.92+00:00

Hello,

I have multiple sites that i want to expose to internet using an application gateway.
These web sites will be accessed using https.
I'm in the phase of the generation of certificate signin request in ordre to obtains the certificates from the provider.
It's a little bit confusing for me at this level, because i will need to install the certificates on the application gateway as well, so to generate these CSR i will need to fill the following informations :

  1. Common Name (fully qualified domain name [FQDN] your certificate will secure)
  2. Country (two-digit code)
  3. State or Locality (full names e.g., California or Barcelona)
  4. Organization Name (full legal company or personal name as registered in your locality)
  5. Organization Unit (department in your organization the certificate is for [e.g., IT or Marketing])

The same certificates that will be installed on the servers will be installed on the application gateway ? Is there something to mention on the CSR related to the application gateway ?

Azure Application Gateway
Azure Application Gateway
An Azure service that provides a platform-managed, scalable, and highly available application delivery controller as a service.
1,213 questions
Accepted answer
  1. KapilAnanth-MSFT 49,536 Reputation points Microsoft Employee Moderator
    2023-08-04T09:54:11.4933333+00:00

    @Mohamed jihad bayali

    Welcome to the Microsoft Q&A Platform. Thank you for reaching out & I hope you are doing well.

    I understand that you would like to know about the certificates used in Azure Application Gateway.

    The same certificates that will be installed on the servers will be installed on the application gateway ?

    • This is correct.
    • You should install the same certificate as the backend server's TLS certificate on the Listener
    • The certificate provided to the Application Gateway must be in Personal Information Exchange (PFX) format, which contains both the private and public keys. The supported PFX algorithms are listed at PFXImportCertStore function.
    • The certificate on the listener requires the entire certificate chain to be uploaded (the root certificate from the CA, the intermediates and the leaf certificate) to establish the chain of trust.

    Let us know if you need further assistance on this issue.

    Thanks,

    Kapil

    Please don’t forget to close the thread by clicking "Accept the answer" wherever the information provided helps you, as this can be beneficial to other community members.

0 additional answers

Sort by: Most helpful
Most helpful Newest Oldest

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.