Azure app service cert issue

Boopathy, Elango 106 Reputation points
2020-05-15T15:22:45.49+00:00

Hi Team,

Front end is an Angular application hosted on Azure App service. Backend is a springboot application hosted on Tomcat Azure Linux VM and listening on port 8XXX and its configured with a SSL (a private certificate issued by the customer). We can access the GET api call from client browser since it has certificates installed to trust.

Now we have to achieve the same in Angular to access the Backend API. Not sure how to trust private certificates using Angular code.

Whenever we try to access the backend api, we are getting timeout. Not able to reach the endpoint.
What could be the issue ? Is there something i can do outside angular code to trust certificates? I mean appservice provides any option to configure and access the certs.

Added attachments for your review
8366-err-timed-out.jpg
8374-kadu-console.jpg

THanks

Azure App Service
Azure App Service
Azure App Service is a service used to create and deploy scalable, mission-critical web apps.
6,956 questions
0 comments

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. ajkuma 22,521 Reputation points Microsoft Employee
    2020-05-20T22:04:01.537+00:00

    @ Bootpathy, Apologies for the delay! Thanks for posting a good question.

    If my understanding is correct, the question is how to bypass SSL certificate validation when calling from App Service to Https endpoint and not from browser AJAX. In case of a .NET app, you could always provide custom SSL validation via ServicePointManger. I believe you could try the similar process with Angular framework (I have not tested this at this moment).
    Furthermore, just to highlight, typically the SSL certificate validation issue (especially untrusted chain) should fail instantly and not timeout.

    I understand in your scenario (a private certificate is issued by the customer), in case your requirement fits, you can always use and easily add a private certificate by creating a free App Service Managed Certificate (Preview).

    The free App Service Managed Certificate or the App Service certificate already satisfy the requirements of App Service
    The private certificate on App Service, must meet the following requirements, kindly review these:

    • Exported as a password-protected PFX file

    • Contains private key at least 2048 bits long

    • Contains all intermediate certificates in the certificate chain

    To secure a custom domain in a TLS binding, the certificate has additional requirements:

    • Contains an Extended Key Usage for server authentication (OID = 1.3.6.1.5.5.7.3.1)

    • Signed by a trusted certificate authority

    Once again, apologies for the inconvenience with this issue. Thanks for your patience and co-operation.

    Kindly let us know how it goes, we will be more than happy to assist you further.

    0 comments