Azure ASE,应用服务计划已停止使用当前CA. [英] Azure ASE, App Service Plan Stopped working with an current CA.
问题描述
VIP已在我们的本地F5老虎平衡器上实施,因此可以在内部访问网络应用程序。自VIP实施以来,我们在Azure ILB上的证书已经消失,我再也无法在门户中看到它。和resour
If我理解正确,您无法在Azure ILB中看到您的证书。
通常,ILB ASE使用内部颁发的SSL证书,由内部CA颁发,此CA在公共Internet上不受信任,在使用私有颁发的证书进行证书验证时,HTTPS调用也会失败。
< span style ="color:#333333">您可以使用CURL命令通过HTTPS对目标站点在Web App的Kudu控制台中对此进行测试。如果这些失败并出现SSL验证错误,您可以确认问题与SSL连接有关。
要将内部CA加载到受信任的根存储区以允许私有颁发证书的客户端 - 服务器方案,并且Web App是客户端,您可以按照步骤
私人客户端证书。 将证书加载到受信任的根存储区后,HTTPS连接应该一直成功。
Azure ASE was deployed with a CA attached to the ILB. A custom domain was initiated. The App Service Plan, Web App were all working as they should. Because of Security constraints, the App could only be accessed via a Jump Station, Internal to Azure. A VIP was implemented on our on-prem F5 laod balancer, so the web apps can be accessed internally. Since the implementation of the VIP, our certificate on the Azure ILB has disappeared and i can no longer see it in the portal. And the resour
If I have understood right, you are not able to see your certificate in the Azure ILB.
Typically, an ILB ASE use an internally issued SSL certificate, issued from an internal CA and this CA is not trusted on public Internet, also HTTPS call fails on certificate validation using a privately issued certificate. You can test this in Web App’s Kudu console using CURL command against the target site over HTTPS. If these fail with an SSL validation errors, you can confirm that the issue is with the SSL connectivity.
To load the internal CA to the trusted root store to allow a client-server scenario where the cert is privately issued, and the Web App is the client you can follow steps Private client certificate. Once the certs are loaded to the trusted root store, the HTTPS connections should be successful all the way through.
这篇关于Azure ASE,应用服务计划已停止使用当前CA.的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
