question

GuruPatanaik-5344 avatar image
0 Votes"
GuruPatanaik-5344 asked SaiKishor-MSFT answered

Traffic Manager MismatchCert (Hostname mismatch) Blocked by SSL_HOST_MISMATCH

I am configuring a single Azureapp endpoint with traffic manager but getting below error. Please suggest

MismatchCert (Hostname mismatch) Blocked by SSL_HOST_MISMATCH

Hostname 'myfirstwebapp.trafficmanager.net' didn't match certificate info, issuer='/C=US/O=Microsoft Corporation/CN=Microsoft RSA TLS CA 01', subject='/CN=.azurewebsites.net', notbefore='Sep 28 19:00:01 2020 GMT', notafter='Sep 28 19:00:01 2021 GMT', serial='6B0000312FB373BC1B93BC837900000000312F', altnames='DNS:.azurewebsites.net, DNS:.scm.azurewebsites.net, DNS:.azure-mobile.net, DNS:.scm.azure-mobile.net, DNS:.sso.azurewebsites.net'

azure-traffic-manager
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

1 Answer

SaiKishor-MSFT avatar image
0 Votes"
SaiKishor-MSFT answered

@GuruPatanaik-5344

Currently if you have a .trafficmanager.net domain and point it to an azure website you get warnings from browsers saying that certificates don't match (if you make https requests).This is because .azurewebsites.net have a certificate for .azurewebsites.net but not .trafficmanager.net.

Please refer to the feature request: https://feedback.azure.com/forums/169385-web-apps-formerly-websites/suggestions/7379755-add-the-trafficmanager-net-ssl-certificate-to-we that refers to the similar issue.

However, now you can use *.trafficmanager.net with SSL if using Azure Managed Certificates (in preview)
https://azure.microsoft.com/en-us/updates/secure-your-custom-domains-at-no-cost-with-app-service-managed-certificates-preview/
It is not available out-of-the-box (even so SSL for TM in WebApp has green checkbox already) - however can be easily achieved using small PS snippet - see following URLs for additional reference and the PS script:
https://docs.microsoft.com/answers/questions/1181/managed-certificates-behind-traffic-manager.html
https://dotnetdevlife.wordpress.com/2019/11/11/app-service-managed-certificate/

Hope this helps. Please let us know if you have any further questions and we will be glad to assist you further. Thank you!

Remember:

Please accept an answer if correct. Original posters help the community find answers faster by identifying the correct answer. Here is how.

Want a reminder to come back and check responses? Here is how to subscribe to a notification.


5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.