Hi, we want to know if setting up an Azure Private DNS in our VNET is the only way to solve the problem of an on-premises backend that cannot be resolved by the default Azure DNS.
Our environment and attempts:
Backend: Dynamics Navision (on-premises), installed on AWS EC2 in a private network.
Test 1: Use FQDN
Result: The remote name could not be resolved: navstg.mycompany.com
Test 2: Use IP - default
Result: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel. The remote certificate is invalid according to the validation procedure https://10.123.4.56:10748
Test 3: Use IP - on APIM, disable Validate certificate chain
Result: pass, but might be insecure (already consulted [here][1])
Test 4: Use IP - on APIM, enable Validate certificate chain, install certificate provided by backend team
Result: Same as Test 2
We guess the failure comes from the mismatch between the IP and the CNAME on the certificate.
![118539-image.png][2]
It looks like an IP, especially an internal IP, cannot be used when applying to a CA, so we need to go back to Test 1 and try to solve the DNS problem.
[1]: https://docs.microsoft.com/en-us/answers/questions/491411/is-disabling-validate-certificate-chain-safe.html
[2]: /answers/storage/attachments/118539-image.png
Since our backends are hybrid, with internal on-premises systems and external cloud systems, if we have an Azure Private DNS, does that mean we need to maintain both internal and external mappings? We are not sure of the effort involved. Or do any of you experts have other thoughts on this problem?
Any advice and suggestions will be greatly appreciated.
Thank you
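As an added illustration (not part of the question, and not Azure or APIM code), the following Python models the RFC 6125 name check a TLS client applies to a certificate's Subject Alternative Names: an IP literal in the URL is compared only against iPAddress entries, so a certificate that names navstg.mycompany.com can never validate https://10.123.4.56 whichever chain is installed, which is why Test 4 behaves like Test 2. The SAN list below is a constructed assumption, not the real certificate's contents.

```python
import ipaddress
from typing import List, Tuple

# Constructed SAN entries, modelled on the guess in the post that the backend
# certificate names the host but not the private IP. Assumed values only.
BACKEND_SAN: List[Tuple[str, str]] = [
    ("dNSName", "navstg.mycompany.com"),
    ("dNSName", "*.internal.mycompany.com"),
]


def _dns_matches(pattern: str, host: str) -> bool:
    """RFC 6125-style dNSName comparison: case-insensitive, and a single
    left-most '*' label may replace exactly one label (no partial wildcards,
    no wildcard matching more than one label or a bare registered domain)."""
    pattern, host = pattern.lower().rstrip("."), host.lower().rstrip(".")
    if pattern == host:
        return True
    p_labels, h_labels = pattern.split("."), host.split(".")
    if len(p_labels) != len(h_labels) or p_labels[0] != "*" or len(p_labels) < 3:
        return False
    return p_labels[1:] == h_labels[1:]


def _is_ip(target: str) -> bool:
    try:
        ipaddress.ip_address(target)
        return True
    except ValueError:
        return False


def san_matches(san: List[Tuple[str, str]], target: str) -> Tuple[bool, str]:
    """Return (matched, reason) for the host part of the URL being connected to.
    An IP literal is accepted only against an iPAddress SAN entry, never
    against a dNSName, so a hostname-only certificate fails for https://<ip>
    even when the chain itself is fully trusted."""
    if _is_ip(target):
        ip = ipaddress.ip_address(target)
        for kind, value in san:
            if kind == "iPAddress" and ipaddress.ip_address(value) == ip:
                return True, f"iPAddress {value} matches"
        return False, f"{target} is an IP literal; no matching iPAddress SAN"
    for kind, value in san:
        if kind == "dNSName" and _dns_matches(value, target):
            return True, f"dNSName {value} matches"
    return False, f"no dNSName SAN covers {target}"
```

Running it against the post's two URL forms shows the IP form fails the name check while the FQDN form passes, which is why resolving the name (Test 1) rather than disabling chain validation (Test 3) is the secure path.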