
Connect between Apps in the same ASE: Adding internal CA certs to the trusted root store for Web Apps hosted in ASE

By default, applications running in an App Service have only the standard public CAs in their trusted root store. This means that SSL connections to endpoints with a privately issued certificate will fail as untrusted. One common error message in this scenario is “SSL Certificate problem: unable to get local issuer certificate”.

A common scenario for this is hosting 2 App Services inside an ILB ASE, one frontend and one backend, and making HTTPS calls from one to the other. Another scenario is connecting from the Web App to an on-prem API secured with a self-signed or privately issued certificate.

The official Azure documentation is here: https://docs.microsoft.com/en-us/azure/app-service/environment/certificates#private-client-certificate.

The first step, if the target hostname is hosted only in internal DNS, is to ensure that it is resolvable from the Web App. This step is possible for all App Services. Installing certs to the trusted root store, however, is currently possible only with the more expensive App Service Environment (ASE).


Supporting IPv6 in Azure App Service using an Azure Front Door frontend

Many developers would like their website to support IPv6 connectivity. Unfortunately, IPv6 is not yet widely supported for most Azure services, including App Service, which includes Web Apps/Function Apps/Bot Service/etc.

The good news is that this can be achieved by using Azure Front Door, which does support IPv6, as a frontend. Azure Front Door then reaches the Web App over IPv4.