3

I'm trying to implement SSL offload in Azure Application Gateway as described in documentation: https://docs.microsoft.com/en-us/azure/application-gateway/application-gateway-ssl-portal

It requires to upload existing SSL certificate in PFX format.

How can I generate it?

I assume it should be specific for the DNS name of the Application Gateway. I can see it has automatically generated DNS name in the associated appGatewayFrontendIP (Frontend IP configurations > Public > Public IP address), but I can't specify the DNS name I want.

Am I supposed to create a CNAME in my DNS domain for the Application Gateway and generate a certificate for this CNAME?

4

1 回答 1

4

Ivan,应用程序网关将传入客户端请求中的主机头转发到后端服务器。因此,在您的情况下,如果您有 mydomain.com 的证书,您将上传该证书的 pfx 以供应用程序网关进行解密/重新加密,是的,您需要 mydomain.com 的 CNAME 记录指向 .cloudapp .net 如果您为公共 IP 地址动态创建 dns 名称。在这种情况下,正确的主机头将被发送到您的后端服务器。

于 2017-02-02T22:00:15.530 回答