SSL Certificate with Azure Web App behind Private Endpoint

GarudaLead · ‎Sep 04 2022

I've created an Azure Web App that sits behind an Application as well as a private endpoint. The idea being that to access the app, you must go through the Application Gateway and cannot access it through the webapp.azurewebsites.net url. The tutorial I followed was here: https://www.fearofoblivion.com/Securing-Azure-Web-Apps-using-Application-Gateways-and-vNets

The diagram of how it all looks is this:

Everything works as expected. The site cannot be accessed through azurewebsites.net and can only be accessed through the public IP of the Application gateway.

The problem is when trying to add an SSL certificate. If I add an SSL certificate to the WebApp I must verify the domain by adding a CNAME record to point to the azurewebsites.net domain with the IP of the WebApp. If I do that it allows public access back to the WebApp through Azurewebsites.net.

How do I add an SSL for my WebApp without losing the security of a private endpoint?

guidovbrakel · ‎Sep 05 2022

I think you need the ssl certificate in the frontend/ backend pool of the app gateway. https://docs.microsoft.com/en-us/azure/application-gateway/application-gateway-end-to-end-ssl-powers...

GarudaLead · ‎Sep 06 2022

I ended up using the SSL cert associated with the azurewebsites.net domain.

vlnka · ‎Oct 21 2022

Hi,
If I may ask how do you manage that? Do you still have the application gateway? With a certificate for azurewebsites.net?
Thanks

SSL Certificate with Azure Web App behind Private Endpoint

SSL Certificate with Azure Web App behind Private Endpoint

Re: SSL Certificate with Azure Web App behind Private Endpoint

Re: SSL Certificate with Azure Web App behind Private Endpoint

Re: SSL Certificate with Azure Web App behind Private Endpoint

Products (50)

Special Topics (27)

Video Hub (462)

Most Active Hubs

Most Active Hubs

Video Hub

SSL Certificate with Azure Web App behind Private Endpoint