BoopathyElango-7282 asked ·

Azure app service cert issue

Hi Team,

The front end is an Angular application hosted on Azure App Service. The backend is a Spring Boot application hosted on Tomcat on an Azure Linux VM, listening on port 8XXX, and it's configured with SSL (a private certificate issued by the customer). We can access the GET API call from the client browser since it has the certificates installed to trust.

Now we have to achieve the same in Angular to access the backend API. We are not sure how to trust private certificates using Angular code.

Whenever we try to access the backend API, we are getting a timeout. We are not able to reach the endpoint.
What could be the issue? Is there something I can do outside the Angular code to trust certificates? I mean, does App Service provide any option to configure and access the certs?

Added attachments for your review
8366-err-timed-out.jpg
8374-kadu-console.jpg

Thanks


azure-webapps

1 Answer

ajkuma-MSFT answered ·

@Boopathy, apologies for the delay! Thanks for posting a good question.

If my understanding is correct, the question is how to bypass SSL certificate validation when calling from App Service to an HTTPS endpoint and not from browser AJAX. In the case of a .NET app, you could always provide custom SSL validation via ServicePointManager. I believe you could try a similar process with the Angular framework (I have not tested this at this moment).
Furthermore, just to highlight, typically the SSL certificate validation issue (especially an untrusted chain) should fail instantly and not time out.

I understand in your scenario (a private certificate is issued by the customer), in case your requirement fits, you can always use and easily add a private certificate by creating a free App Service Managed Certificate (Preview).

The free App Service Managed Certificate or the App Service certificate already satisfy the requirements of App Service.
The private certificate on App Service must meet the following requirements; kindly review these:

• Exported as a password-protected PFX file

• Contains private key at least 2048 bits long

• Contains all intermediate certificates in the certificate chain

To secure a custom domain in a TLS binding, the certificate has additional requirements:

• Contains an Extended Key Usage for server authentication (OID = 1.3.6.1.5.5.7.3.1)

• Signed by a trusted certificate authority

Once again, apologies for the inconvenience with this issue. Thanks for your patience and co-operation.

Kindly let us know how it goes, we will be more than happy to assist you further.
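The answer's point that an untrusted chain fails instantly while a timeout does not can be checked from the App Service console. The script below is an added example, not code from the thread: the function name `diagnose` and its `ca_file` parameter (a PEM bundle with the customer's private CA) are assumptions. It separates the TCP connect from the TLS handshake and keeps certificate validation on.

```python
"""Added example: tell a network timeout apart from a TLS trust failure."""
import socket
import ssl
import sys


def diagnose(host, port, ca_file=None, timeout=5.0):
    """Return (category, detail) for an HTTPS endpoint.

    ca_file is an optional PEM bundle holding the private CA that issued the
    backend certificate; when given, only that bundle is trusted.
    """
    # Build the context first so a bad ca_file path fails before connecting.
    ctx = ssl.create_default_context(cafile=ca_file)

    # Stage 1: plain TCP. A timeout or refusal here happens before any
    # certificate is exchanged, so it points at routing, firewall rules
    # or the port, not at certificate trust.
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except socket.timeout:
        return ("tcp-timeout", "no answer within %.1fs" % timeout)
    except ConnectionRefusedError:
        return ("tcp-refused", "nothing is listening on that port")
    except OSError as exc:
        return ("tcp-error", str(exc))

    # Stage 2: TLS handshake with validation left ON (chain and hostname).
    try:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return ("ok", tls.version())
    except ssl.SSLCertVerificationError as exc:
        # Untrusted chain, expired certificate or hostname mismatch:
        # raised as soon as the server certificate is checked.
        return ("cert-untrusted", exc.verify_message)
    except OSError as exc:  # other ssl.SSLError, reset, or handshake timeout
        return ("tls-error", str(exc))
    finally:
        sock.close()


if __name__ == "__main__":
    # Usage: python diagnose.py HOST PORT [CA_BUNDLE.pem]
    host, port = sys.argv[1], int(sys.argv[2])
    ca = sys.argv[3] if len(sys.argv) > 3 else None
    print(diagnose(host, port, ca_file=ca))
```

A `tcp-timeout` result means the request never reached the certificate exchange; `cert-untrusted` that turns into `ok` once the CA bundle is passed confirms the trust store is the only gap.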
