I tried the following method
First, the server certificate and root certificate embedded in the Web server were embedded as CER.
The procedure followed the following URL
https://learn.microsoft.com/ja-jp/azure/application-gateway/end-to-end-ssl-portal
Backend health was healthy at this time
However, the URL https://front.example.com/ that was set in front of ApplicationGateWay returns 502 Bad Gateway.
Next, I set Use well known CA certificate of Trusted root certificate to Yes and tried it. This is because the backend server uRL https://backend.example.com is a URL that can be accessed from the Internet and has a certificate with that name.
Again, backend health was healthy
However, the URL https://front.example.com/ that was set in front of ApplicationGateWay returns 502 Bad Gateway.
Then I changed the rule to make the backend an http connection.
At this time, https://front.example.com/ will display the normal backend site.
The backend server allows the following Cipher Suites
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
TLS_DHE_RSA_WITH_AES_256_CBC_SHA
TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
TLS_RSA_WITH_AES_256_GCM_SHA384
TLS_RSA_WITH_AES_256_CBC_SHA256
TLS_RSA_WITH_AES_256_CBC_SHA
TLS_RSA_WITH_CAMELLIA_256_CBC_SHA
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
TLS_DHE_RSA_WITH_AES_128_CBC_SHA
TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
TLS_RSA_WITH_AES_128_GCM_SHA256
TLS_RSA_WITH_AES_128_CBC_SHA256
TLS_RSA_WITH_AES_128_CBC_SHA
TLS_RSA_WITH_CAMELLIA_128_CBC_SHA
TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
TLS_RSA_WITH_3DES_EDE_CBC_SHA
Depending on how the FQDN and Host header when accessed from the front are transferred to the Backend, there may be cases where the health check succeeds and fails from the outside.
Where can I find out which cases fail?
Thank you.