Our App Service (let's say APP.azurewebsites.net) is running on a P1V2 plan, .NET 3.1 and Windows in EUWE.
Since Wednesday 2021-03-17, 12:33 UTC we see one of our functions (let's say FUNC.azurewebsites.net) in the same VNet and plan emitting the following exception:
The SSL connection could not be established, see inner exception. The remote certificate is invalid according to the validation procedure.
Accessing APP from the public internet results in a valid certificate issued by Microsoft and valid till Sept 2021.
Accessing APP from our VNet results in the error (e.g. with Firefox):
Firefox does not trust APP.azurewebsites.net because its certificate issuer is unknown, the certificate is self-signed, or the server is not sending the correct intermediate certificates. Error code: SEC_ERROR_UNKNOWN_ISSUER
On closer inspection, we see this is a different certificate:
Validity not before: Wed, 17 Mar 2021 11:00:13 GMT
Not after: Mon, 22 Mar 2021 11:00:13 GMT
Issuer: Cisco Umbrella Secondary SubCA ams-SG
Investigating the SubCA we see the following:
Validity not before: Wed, 17 Mar 2021 18:40:31 GMT
Not after: Sun, 28 Mar 2021 18:40:31 GMT
In other words, our problem started at 12:33 GMT, probably because the new certificate was used (11:00 GMT) but signed with a sub certificate that isn't valid until 6 hours later!!!
How can we resolve this issue? We have seen something like this before in our development environment but didn't do any deeper investigation at that time. The problem resolved itself (hinting at the same certificate issue).
More details on our subscription and the real applications are hidden for security reasons.
Thank you in advance.
Best regards,
Vincent
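
Added example, not part of the original post: a small Python check that takes the validity periods quoted above and reports when every certificate in the chain is inside its validity period, and which certificate falls outside it at a given instant. It looks only at dates, not at whether the issuing root is trusted; the `Cert` type and function names are hypothetical, and the SubCA's own issuer is a placeholder because the post does not show it.

```python
from datetime import datetime, timezone
from typing import NamedTuple


class Cert(NamedTuple):
    subject: str
    issuer: str
    not_before: datetime
    not_after: datetime


def utc(text: str) -> datetime:
    return datetime.strptime(text, "%Y-%m-%d %H:%M:%S").replace(tzinfo=timezone.utc)


# Validity periods as quoted in the post. APP.azurewebsites.net is the post's
# placeholder host name; the SubCA's issuer is not given, so it is a placeholder.
CHAIN = [
    Cert("APP.azurewebsites.net", "Cisco Umbrella Secondary SubCA ams-SG",
         utc("2021-03-17 11:00:13"), utc("2021-03-22 11:00:13")),
    Cert("Cisco Umbrella Secondary SubCA ams-SG", "<issuer not shown in post>",
         utc("2021-03-17 18:40:31"), utc("2021-03-28 18:40:31")),
]


def chain_window(chain):
    """Interval in which every certificate is inside its validity period."""
    start = max(c.not_before for c in chain)
    end = min(c.not_after for c in chain)
    return (start, end) if start <= end else None


def outside_validity(chain, at):
    """Subjects whose validity period does not contain `at`."""
    return [c.subject for c in chain if not (c.not_before <= at <= c.not_after)]


def starts_before_issuer(chain):
    """(subject, issuer, gap) for each certificate valid earlier than its issuer."""
    by_subject = {c.subject: c for c in chain}
    found = []
    for c in chain:
        parent = by_subject.get(c.issuer)
        if parent is not None and parent.not_before > c.not_before:
            found.append((c.subject, parent.subject, parent.not_before - c.not_before))
    return found


if __name__ == "__main__":
    print(chain_window(CHAIN))
    print(outside_validity(CHAIN, utc("2021-03-17 12:33:00")))
    print(starts_before_issuer(CHAIN))
```

Running the same functions over the `notBefore`/`notAfter` values of a live chain, captured from inside the VNet, separates a validity-period failure from an untrusted-issuer failure.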