I am working on setting up the Azure Application Gateway Web Application Firewall for a Web App hosted on Web Apps with everything behind SSL.

I can get it to work when everything is non-SSL using this article: https://docs.microsoft.com/en-us/azure/application-gateway/application-gateway-web-app-powershell

However, when I try to change it to SSL and upload the CER file, I cannot get it to show Healthy. I changed all the references to https, and everything looks correct, but I am still stuck.

I also tried this article, with no luck: https://docs.microsoft.com/en-us/azure/application-gateway/application-gateway-end-to-end-ssl-powershell

Any thoughts on what I am missing? I need this to work before I can go HA with the solution.

Thanks, Alex

  • Did you get some error messages? Commented Nov 14, 2017 at 2:07
  • I worked with MS Support on this issue and found that you can set this up using PowerShell. Commented Nov 23, 2017 at 16:28

1 Answer

Here is the script MS Support worked with me on to make this work:

```powershell
# FQDN of the web app
$webappFQDN = "XXX.XXXXX.com"

# Retrieve an existing application gateway
$gw = Get-AzureRmApplicationGateway -Name "XXXX" -ResourceGroupName "XXXX"

# Define the status codes to match for the probe
$match = New-AzureRmApplicationGatewayProbeHealthResponseMatch -StatusCode 200-399

# Add a new probe to the application gateway
Add-AzureRmApplicationGatewayProbeConfig -name webappprobe-1 -ApplicationGateway $gw -Protocol Https -Path / -Interval 30 -Timeout 120 -UnhealthyThreshold 3 -PickHostNameFromBackendHttpSettings -Match $match

# Retrieve the newly added probe
$probe = Get-AzureRmApplicationGatewayProbeConfig -name webappprobe-1 -ApplicationGateway $gw

# Configure an existing backend http settings
Set-AzureRmApplicationGatewayBackendHttpSettings -Name appGatewayBackendHttpSettings -ApplicationGateway $gw -PickHostNameFromBackendAddress -Port 443 -Protocol https -CookieBasedAffinity Disabled -RequestTimeout 30 -Probe $probe

# Exclude these 2 lines
#$authcert = New-AzureRmApplicationGatewayAuthenticationCertificate -Name whitelistcert1 -CertificateFile C:\XXXX\XXXX.cer
#Set-AzureRmApplicationGatewayBackendHttpSettings -Name appGatewayBackendHttpSettings -ApplicationGateway $gw -PickHostNameFromBackendAddress -Port 443 -Protocol Https -CookieBasedAffinity Enabled -AuthenticationCertificates $authcert

# Add the web app to the backend pool
Set-AzureRmApplicationGatewayBackendAddressPool -Name appGatewayBackendPool -ApplicationGateway $gw -BackendFqdns $webappFQDN

# Update the application gateway
Set-AzureRmApplicationGateway -ApplicationGateway $gw
```
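A way to confirm the result of the script above, added here as an example that is not part of the original answer or from MS Support: it polls the gateway's backend health and lists every backend server that is not reported as Healthy. The function name `Get-UnhealthyBackendServer` and the retry values are hypothetical, the "XXXX" names are placeholders as in the answer, and an authenticated AzureRM session is assumed.

```powershell
# Added example: list backend servers that the gateway does not report as Healthy.
# Get-UnhealthyBackendServer is a hypothetical helper name; "XXXX" are placeholders.
function Get-UnhealthyBackendServer {
    param(
        [Parameter(Mandatory)] [string] $GatewayName,
        [Parameter(Mandatory)] [string] $ResourceGroupName
    )
    $health = Get-AzureRmApplicationGatewayBackendHealth -Name $GatewayName -ResourceGroupName $ResourceGroupName
    foreach ($pool in $health.BackendAddressPools) {
        foreach ($settings in $pool.BackendHttpSettingsCollection) {
            foreach ($server in $settings.Servers) {
                if ($server.Health -ne 'Healthy') {
                    # Emit one row per failing server, named by pool and http settings
                    [pscustomobject]@{
                        Pool         = $pool.BackendAddressPool.Id.Split('/')[-1]
                        HttpSettings = $settings.BackendHttpSettings.Id.Split('/')[-1]
                        Address      = $server.Address
                        Health       = $server.Health
                    }
                }
            }
        }
    }
}

# The probe above runs every 30 seconds, so allow a few intervals before giving up.
$maxAttempts = 6   # assumed retry budget
for ($attempt = 1; $attempt -le $maxAttempts; $attempt++) {
    $bad = @(Get-UnhealthyBackendServer -GatewayName "XXXX" -ResourceGroupName "XXXX")
    if ($bad.Count -eq 0) {
        Write-Output "All backend servers report Healthy (attempt $attempt)."
        break
    }
    $bad | Format-Table -AutoSize
    if ($attempt -lt $maxAttempts) { Start-Sleep -Seconds 30 }
}
if ($bad.Count -gt 0) {
    Write-Warning "Backend still not Healthy after $maxAttempts checks; review the probe host name, path and expected status codes."
}
```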
