Microsoft Tech Community
SOLVED

WAF v2 and use of Lets Encrypt wildcard

Copper Contributor

Hello All,

I'm using WAF v2 and one of my listeners uses port 443 and a multi-site domain.

I've generated an SSL wildcard certificate for this domain using Let's Encrypt.

When I put WAF in front of this specific site/domain, I receive the following error:

The connection for this site is not secure
homolog-icg.icgti.com.br uses an unsupported protocol
ERR_SSL_VERSION_OR_CIPHER_MISMATCH.

My SSL Policy is as follows:

Min protocol version: TLSv1_2
Cipher suites:
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256

I have other websites with another SSL wildcard certificate (paid, not free) in the same backend pool but a different listener, and the error doesn't happen with them.

I would suspect that it could be the SSL configuration on the server machine, but since the other websites are working fine, my guess is that the certificate does not allow the type of ciphers I have in my SSL policy.

Does this make any sense?

Has anyone tried a similar scenario?

Thanks

Mirella
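An added illustration of the hypothesis in the post above (this is example code, not from the thread or from Microsoft): the three suites in the listed SSL policy all contain `_RSA_`, which means the listener can only use them if the certificate it serves has an RSA key. If the Let's Encrypt wildcard was issued with an EC key (an assumption; it is not stated in the post), a TLS 1.2 server restricted to those suites has nothing it can offer, and the browser reports exactly a handshake-failure alert. The script below plays both sides of a TLS 1.2 handshake in memory (no sockets), with the server side restricted to the policy's suites, and tries it once with a throwaway RSA certificate and once with a throwaway ECDSA certificate. It assumes the `openssl` CLI is available to generate the test certificates and pins both sides to TLS 1.2, since TLS 1.3 suites do not depend on the key type.

```python
import os
import ssl
import subprocess
import tempfile

# The three suites from the listener's SSL policy, in the IANA form the Azure
# portal shows, mapped to the OpenSSL names that Python's ssl module uses.
APPGW_POLICY = {
    "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384": "ECDHE-RSA-AES256-GCM-SHA384",
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256": "ECDHE-RSA-AES128-GCM-SHA256",
    "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256": "DHE-RSA-AES128-GCM-SHA256",
}
POLICY_CIPHER_STRING = ":".join(APPGW_POLICY.values())


def make_self_signed(kind: str, directory: str) -> tuple[str, str]:
    """Create a throwaway self-signed certificate with an RSA or ECDSA (P-256) key.

    Constructed test material only; requires the openssl CLI (assumption)."""
    if kind == "rsa":
        newkey = ["-newkey", "rsa:2048"]
    elif kind == "ecdsa":
        newkey = ["-newkey", "ec", "-pkeyopt", "ec_paramgen_curve:prime256v1"]
    else:
        raise ValueError(kind)
    crt = os.path.join(directory, f"{kind}.crt")
    key = os.path.join(directory, f"{kind}.key")
    subprocess.run(
        ["openssl", "req", "-x509", "-nodes", "-days", "1",
         "-subj", "/CN=example.test", *newkey, "-keyout", key, "-out", crt],
        check=True, capture_output=True,
    )
    return crt, key


def negotiate(cert_path: str, key_path: str, server_ciphers: str) -> tuple[bool, str]:
    """Run a TLS 1.2 handshake entirely in memory (no network).

    The server side stands in for the gateway listener: it holds the certificate
    and is restricted to `server_ciphers`. The client side stands in for a browser
    with its default suites. Returns (True, negotiated_suite) or (False, reason)."""
    srv = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    srv.minimum_version = srv.maximum_version = ssl.TLSVersion.TLSv1_2
    srv.load_cert_chain(cert_path, key_path)
    srv.set_ciphers(server_ciphers)

    cli = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    cli.minimum_version = cli.maximum_version = ssl.TLSVersion.TLSv1_2
    cli.check_hostname = False   # self-signed test cert; trust is not what we test here
    cli.verify_mode = ssl.CERT_NONE

    c_in, c_out, s_in, s_out = (ssl.MemoryBIO() for _ in range(4))
    client = cli.wrap_bio(c_in, c_out, server_side=False)
    server = srv.wrap_bio(s_in, s_out, server_side=True)

    # Each side: (ssl object, its outgoing BIO, the peer's incoming BIO).
    sides = [(client, c_out, s_in), (server, s_out, c_in)]
    finished = set()
    for _ in range(10):          # a full TLS 1.2 handshake completes in three rounds
        for obj, out_bio, peer_in in sides:
            if id(obj) in finished:
                continue
            try:
                obj.do_handshake()
                finished.add(id(obj))
            except ssl.SSLWantReadError:
                pass             # needs more bytes from the peer; keep pumping
            except ssl.SSLError as exc:   # e.g. NO_SHARED_CIPHER raised by the server
                return False, getattr(exc, "reason", None) or str(exc)
            pending = out_bio.read()
            if pending:
                peer_in.write(pending)
        if len(finished) == 2:
            return True, server.cipher()[0]
    return False, "handshake did not complete"


def diagnose(policy: str = POLICY_CIPHER_STRING) -> dict[str, tuple[bool, str]]:
    """Try the same cipher policy against an RSA certificate and an ECDSA certificate."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        for kind in ("rsa", "ecdsa"):
            crt, key = make_self_signed(kind, tmp)
            results[kind] = negotiate(crt, key, policy)
    return results


if __name__ == "__main__":
    for kind, (ok, detail) in diagnose().items():
        print(f"{kind:5s} cert + RSA-only policy -> {'OK' if ok else 'FAIL'}: {detail}")
```

The RSA run negotiates one of the three policy suites; the ECDSA run fails on the server side with no shared cipher, which the client would see as a handshake-failure alert. To check which case a real certificate is in, `openssl x509 -in cert.pem -noout -text` shows the key type under "Public Key Algorithm". If the key is EC, the fix is either to add the matching `TLS_ECDHE_ECDSA_*` suites to the listener's policy or to reissue the certificate with an RSA key.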
best response confirmed by mpellizzon (Copper Contributor)
Solution
Let's Encrypt on Azure has a slightly different way of doing this; have you tried it as per the article below?
https://learn.microsoft.com/en-us/azure/application-gateway/ingress-controller-letsencrypt-certifica...
Thanks for your response! I understood now!