![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(80, 9%, 17%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJ%3C/text%3E%3C/svg%3E)
Microsoft Security | Microsoft Entra | Microsoft Entra ID
A cloud-based identity and access management service for securing user authentication and resource access
Hello @john ,
From the description above I could understand that you are trying to configure AAD Application proxy for an On-Prem web application. However while trying to access the application it gives error and logs suggest "The SSL server certificate presented to Microsoft AAD Application Proxy Connector by the backend server is not valid; the certificate is not trusted" (Please do correct me if this is not the ask):
Possible Cause: This could indicate that the backend server provided an SSL that was not valid or that there is no trust between the Web Application Proxy and the backend server.
Action Plan:
Kindly validate backend server SSL certificate. Make sure that the Web Application Proxy server is configured with the right root CAs to trust the backend server certificate/issuing CA.
This could be validated by navigating to the certificate -> Certification Path -> Select the chain (by clicking on each of the certificates followed by "view certificate"). PFB screenshot for example
Action Plan: If any of the cert from the chain is missing then chain building will not be completed resulting in certificate trust issues. Hence the required root cert is needed to be trusted/installed.
