Share via

SSL validity error when accessing an internal web site from the Azure App Proxy

Joe Sparks 26 Reputation points
2024-03-13T16:22:30.55+00:00

I have an internal web page that we are using Application proxy to give external access. When accessing this from external on a non-domain joined machine, we are getting an SSL error that states "cannot validate the SSL cert on the site", so I get an unsecure warning, and the page is not displaying correctly. The internal site has a valid wild card cert applied and if I access this site though the proxy with a domain machine it works fine, with no warning. How do I get this to validate the cert and display the page correctly.

Microsoft Security | Microsoft Entra | Microsoft Entra ID
0 comments

2 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Givary-MSFT 35,786 Reputation points Microsoft Employee Moderator
    2024-03-15T05:25:56.6533333+00:00

    @Joe Sparks Apologies for the delayed response and I'm glad that you were able to resolve your issue and thank you for posting your solution so that others experiencing the same thing can easily reference this! Since the Microsoft Q&A community has a policy that "The question author cannot accept their own answer. They can only accept answers by others ", I'll repost your solution in case you'd like to "Accept " the answer.

    Issue: I have an internal web page that we are using Application proxy to give external access. When accessing this from external on a non-domain joined machine, we are getting an SSL error that states "cannot validate the SSL cert on the site", so I get an unsecure warning, and the page is not displaying correctly. The internal site has a valid wild card cert applied and if I access this site though the proxy with a domain machine it works fine, with no warning. How do I get this to validate the cert and display the page correctly.

    Solution: Resolved by Joe Sparks

    I was able to fix this, finally found the MS page that had the right method. Make sure when creating the app, you change the external URL to match the CNAME record you created in your Domain DNS settings. MS on the backend will do the translation over to the proxy address.

    If you have any other questions or are still running into more issues, please let me know. Thank you again for your time and patience throughout this issue.

    Please remember to "Accept Answer" if any answer/reply helped, so that others in the community facing similar issues can easily find the solution.

    Was this answer helpful?

    0 comments
  2. Joe Sparks 26 Reputation points
    2024-03-14T15:01:14.3733333+00:00

    I was able to fix this, finally found the MS page that had the right method. Make sure when creating the app, you change the external URL to match the CNAME record you created in your Domain DNS settings. MS on the backend will do the translation over to the proxy address.

    Was this answer helpful?

    0 comments

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.