Application Gateway - With Https Listener - Key vault certificate

Nitya V 45

Hi Team

We have setup an application gateway in Azure with https listener attached to a self signed certificate in key vault

We have associated the app gateway with multiple app services under it

This has custom domain and dns configured to the app gateway public IP

However when we access it with https it gives us

net::ERR_CERT_AUTHORITY_INVALID

Any help would be appreciated

Rohith Vinnakota 510 Reputation points Microsoft Vendor

2024-09-23T18:09:20.0666667+00:00

Hi Nitya V,
Good day!
Just checking in to see if the below answer provided by TP. If this answers your query, do click Accept Answer and Yes for was this answer helpful. And, if you have any further query do let us know.
Rohith Vinnakota 510 Reputation points Microsoft Vendor

2024-09-24T20:06:47.9933333+00:00

Hi Nitya V,

Good day!

Just checking in to see if the below answer provided by TP. If this answers your query, do click Accept Answer and Yes for was this answer helpful. And, if you have any further query do let us know.

1 answer

TP 93,301 Reputation points

2024-09-23T12:49:11.12+00:00

Hi Nitya,

The listener certificate needs to be issued by an authority trusted by the client PCs. For example, a public certificate issued by Let's Encrypt, GlobalSign, DigiCert, GeoTrust, Comodo, etc.

From your description you used a self-signed certificate, which by default won't be trusted by the client PCs. You could manually add the self-signed certificate to the trusted root certification authorities store on each PC, but generally that is only done in test scenarios.

Please click Accept Answer and upvote if the above was helpful.

Thanks.

-TP
Please sign in to rate this answer.
Nitya V 45 Reputation points

2024-09-23T12:52:33.2366667+00:00

Thanks . If it is accessed another azure app service does it need certificates from public certificate authorities. These app services are more like api that will be called.Would that pose a problem

TP 93,301 Reputation points

2024-09-23T13:00:30.2566667+00:00

Thanks . If it is accessed another azure app service does it need certificates from public certificate authorities. These app services are more like api that will be called.Would that pose a problem

Yes, the certificate needs to be trusted, and one from public authority is easy way to accomplish that. In your case think of the app services as the "client PCs" that I referred to above.

TP 93,301 Reputation points

2024-09-24T13:24:14.6066667+00:00

@Nitya V Any update?

TP 93,301 Reputation points

2024-09-24T14:34:47.78+00:00

@Nitya V Please click Accept Answer to close up this thread.

Thank you.
Sign in to comment

Use comments to ask for clarification, additional information, or improvements to the question.

Share via

Application Gateway - With Https Listener - Key vault certificate

1 answer

Your answer