Traffic Manager MismatchCert (Hostname mismatch) Blocked by SSL_HOST_MISMATCH

Guru Patanaik 1 Reputation point
2021-03-18T17:50:21.03+00:00

I am configuring a single Azureapp endpoint with traffic manager but getting below error. Please suggest

MismatchCert (Hostname mismatch) Blocked by SSL_HOST_MISMATCH

Hostname 'myfirstwebapp.trafficmanager.net' didn't match certificate info, issuer='/C=US/O=Microsoft Corporation/CN=Microsoft RSA TLS CA 01', subject='/CN=.azurewebsites.net', notbefore='Sep 28 19:00:01 2020 GMT', notafter='Sep 28 19:00:01 2021 GMT', serial='6B0000312FB373BC1B93BC837900000000312F', altnames='DNS:.azurewebsites.net, DNS:.scm.azurewebsites.net, DNS:.azure-mobile.net, DNS:.scm.azure-mobile.net, DNS:.sso.azurewebsites.net'

Azure Traffic Manager
Azure Traffic Manager
An Azure service that is used to route incoming network traffic for high performance and availability.
111 questions
{count} votes

1 answer

Sort by: Most helpful
  1. SaiKishor-MSFT 17,221 Reputation points
    2021-03-25T18:36:34.897+00:00

    @Guru Patanaik

    Currently if you have a *.trafficmanager.net domain and point it to an azure website you get warnings from browsers saying that certificates don't match (if you make https requests).This is because .azurewebsites.net have a certificate for .azurewebsites.net but not *.trafficmanager.net.

    Please refer to the feature request: https://feedback.azure.com/forums/169385-web-apps-formerly-websites/suggestions/7379755-add-the-trafficmanager-net-ssl-certificate-to-we that refers to the similar issue.

    However, now you can use *.trafficmanager.net with SSL if using Azure Managed Certificates (in preview)
    https://azure.microsoft.com/en-us/updates/secure-your-custom-domains-at-no-cost-with-app-service-managed-certificates-preview/
    It is not available out-of-the-box (even so SSL for TM in WebApp has green checkbox already) - however can be easily achieved using small PS snippet - see following URLs for additional reference and the PS script:
    https://learn.microsoft.com/answers/questions/1181/managed-certificates-behind-traffic-manager.html
    https://dotnetdevlife.wordpress.com/2019/11/11/app-service-managed-certificate/

    Hope this helps. Please let us know if you have any further questions and we will be glad to assist you further. Thank you!

    Remember:

    Please accept an answer if correct. Original posters help the community find answers faster by identifying the correct answer. Here is how.

    Want a reminder to come back and check responses? Here is how to subscribe to a notification.

    0 comments No comments