I am 3 backend pools . And each pool has 2 servers . One pool has 2 servers listed as unhealthy and the error message we see is below:
"backend server certificate is not whitelisted with application gateway .Make sure that the certificate uploaded to the application gateway matches with the certificate configured in the backend servers. To learn more visit https://aka.ms/authcertificatemismatch"
I have some questions in regards to application gateway and need help with the same :
1)Is that application gateway can be configured with multiple backend pools and each pool can serve a request for different applications ?
or is that all the backend pools has to serve the request for one application ?
2)How should we get this issue fixed ? I did not find this error message listed here https://learn.microsoft.com/en-us/azure/application-gateway/application-gateway-backend-health-troubleshooting
Is that we have to follow the below step for resolution ?
Trusted root certificate mismatch
Message: The root certificate of the server certificate used by the backend does not match the trusted root certificate added to the application gateway. Ensure that you add the correct root certificate to allowlist the backend.
Cause: End-to-end SSL with Application Gateway v2 requires the backend server's certificate to be verified in order to deem the server Healthy. For a TLS/SSL certificate to be trusted, the backend server certificate must be issued by a CA that's included in the trusted store of Application Gateway. If the certificate wasn't issued by a trusted CA (for example, a self-signed certificate was used), users should upload the issuer's certificate to Application Gateway.
The certificate that has been uploaded to Application Gateway HTTP settings must match the root certificate of the backend server certificate.
Solution: If you receive this error message, there's a mismatch between the certificate that has been uploaded to Application Gateway and the one that was uploaded to the backend server.
Follow steps 1-11 in the preceding method to upload the correct trusted root certificate to Application Gateway.
For more information about how to extract and upload Trusted Root Certificates in Application Gateway, see Export trusted root certificate (for v2 SKU).