The root certificate of the server certificate used by the backend

Salves 501 Reputation points
2020-11-04T02:17:26.643+00:00

Hi,

I'm setting up a gateway app and I get the message:

The Common Name (CN) of the backend certificate does not match the host header entered in the health probe configuration. Either change the probe configuration or add a valid certificate on the backend.

When I create an integrity investigation the error changes to:

The root certificate of the server certificate used by the backend does not match the trusted root certificate added to the application gateway. Ensure that you add the correct root certificate to whitelist the backend.

What I have:

  • AppGw configured with WAF2
  • A backend pool: configured for a public IP that is directed to a website
  • A listener configured as basic, using HTTPS with a wildcard certificate
  • A rule linking the listener to the HTTPS settings
  • An integrity investigation using the host (site.company.com) and path (/folder)

My certificate is public from GoDaddy.

Thanks.

Azure Application Gateway
An Azure service that provides a platform-managed, scalable, and highly available application delivery controller as a service.

1 answer

  1. suvasara-MSFT 10,011 Reputation points
    2020-11-04T06:33:14.317+00:00

    @Salves, if you receive this error message, there's a mismatch between the certificate that has been uploaded to Application Gateway and the one that was uploaded to the backend server. The certificate that has been uploaded to Application Gateway HTTP settings must match the root certificate of the backend server certificate.

    Note: This error can also occur if the backend server doesn't exchange the complete chain of the cert, including the Root > Intermediate (if applicable) > Leaf during the TLS handshake. To verify, you can use OpenSSL commands from any client and connect to the backend server by using the configured settings in the Application Gateway probe.

    Please go through this troubleshooting doc for better understanding.

    ----------

    Please do not forget to "Accept the answer" wherever the information provided helps you to help others in the community.

    2 people found this answer helpful.
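
The OpenSSL check the answer describes, as an added example that is not part of the original thread: a shell function that reads `openssl s_client` output and reports whether the leaf CN covers the probe host and whether the backend sent its chain up to a self-signed root. `check_chain` is a hypothetical helper name, and the sample chains and CA names are constructed.

```shell
#!/bin/sh
# Added example. Live use (the backend address is a placeholder):
#   openssl s_client -connect <backend-ip>:443 -servername site.company.com \
#     -showcerts </dev/null 2>/dev/null | check_chain site.company.com

# check_chain PROBE_HOST: reads s_client output on stdin, prints findings,
# returns 0 only when the leaf CN covers the host and the chain reaches a root.
check_chain() {
  awk -v host="$1" '
    # CN from a DN in OpenSSL 1.1+ ("CN = x") or 1.0 ("/CN=x") notation.
    function cn(dn) {
      if (!match(dn, "CN ?= ?[^,/]+")) return ""
      dn = substr(dn, RSTART, RLENGTH); sub("^CN ?= ?", "", dn); return dn
    }
    # Exact match, or a wildcard covering exactly one leftmost label.
    function covers(name, h,   dot) {
      name = tolower(name); h = tolower(h); dot = index(h, ".")
      if (name == h) return 1
      return substr(name, 1, 2) == "*." && dot > 0 && substr(name, 3) == substr(h, dot + 1)
    }
    /^ *[0-9]+ s:/ { n++; sub("^ *[0-9]+ s:", ""); subj[n] = $0; next }
    /^ +i:/ && n   { sub("^ +i:", ""); iss[n] = $0 }
    END {
      if (!n) { print "FAIL no certificate chain in input"; exit 1 }
      print "INFO backend sent " n " certificate(s)"
      if (covers(cn(subj[1]), host)) print "OK   leaf CN covers " host
      else { print "FAIL leaf CN [" cn(subj[1]) "] does not cover " host; bad = 1 }
      if (subj[n] == iss[n]) print "OK   chain ends at self-signed root: " subj[n]
      else { print "FAIL chain incomplete, not sent: " iss[n]; bad = 1 }
      exit bad + 0
    }'
}

# Constructed s_client excerpts (not captured from any real server).
sample_leaf_only() { cat <<'EOF'
Certificate chain
 0 s:CN = *.company.com
   i:C = US, O = Example CA, CN = Example Issuing CA
EOF
}
sample_full() { cat <<'EOF'
Certificate chain
 0 s:CN = *.company.com
   i:C = US, O = Example CA, CN = Example Issuing CA
 1 s:C = US, O = Example CA, CN = Example Issuing CA
   i:C = US, O = Example CA, CN = Example Root CA
 2 s:C = US, O = Example CA, CN = Example Root CA
   i:C = US, O = Example CA, CN = Example Root CA
EOF
}
```

The function compares the subject CN only, because that is the field the gateway's error text names; the chain listing in `s_client` output does not show subject alternative names.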