In our scenario, we are providing a SaaS platform which automatically creates a customer-specific Traffic Manager (xxxx.trafficmanager.net) each time a customer onboards to our platform. The Traffic Manager points to App Service across regions. The problem is that if the customer calls the Traffic Manager with HTTPS, a cert warning is shown. I know we can bind the cert to each customer's Traffic Manager and upload the cert to Azure. But since the Traffic Manager is created automatically at runtime, how can we automatically get a cert and bind it to xxx.trafficmanager.net?

Youxu

1 Answer

Traffic Manager works at the DNS level. It sends DNS responses to direct clients to the appropriate service endpoint. Clients then connect to the service endpoint directly, not through Traffic Manager. You will bind your cert to the endpoint, not Traffic Manager. If the endpoint is an Azure Web App, you can use the CLI or PowerShell to bind the cert.

Therefore, Traffic Manager does not provide an endpoint or IP address for clients to connect to.

Traffic Manager supports probing over HTTPS. Configure HTTPS as the protocol in the monitoring configuration.

Traffic Manager cannot provide any certificate validation, including:

  • Server-side certificates are not validated
  • SNI server-side certificates are not supported
  • Client certificates are not supported
Ken W - Zero Networks
  • The cert was already automatically bound to the app service; that is, if I call the app service endpoint using https, like https://mysite.azurewebsites.net, it works fine. But if I call through TM using https, like https://mytm.trafficmanager.net, it shows a cert warning. I tried a self-signed cert and bound it to mytm.trafficmanager.net, and it does resolve the cert warning issue, but I am seeking an automatic way to bind a cert to TM. – Youxu Feb 25 '19 at 21:13
  • So you are not using a custom domain name? Ideally you would use your foo.com custom domain name and you must also configure your DNS map to point to the Traffic Manager URL. https://learn.microsoft.com/en-us/azure/app-service/app-service-web-tutorial-custom-domain#map-your-domain – Ken W - Zero Networks Feb 25 '19 at 21:35
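
Why the warning described in the comments appears, as an added example that is not code from the question or the answer: the client validates the certificate against the name it requested, and a DNS CNAME from Traffic Manager does not change that name. The DNS table, the custom domain `shop.foo.com` and the certificate name lists are constructed assumptions in a simplified model.

```python
# Constructed DNS data: Traffic Manager answers with a CNAME to the chosen endpoint.
CNAMES = {
    "shop.foo.com": "mytm.trafficmanager.net",  # hypothetical custom domain
    "mytm.trafficmanager.net": "mysite.azurewebsites.net",
}

# Constructed certificate names served by the App Service endpoint.
DEFAULT_SANS = ["*.azurewebsites.net"]         # platform default certificate
BINDINGS = {"shop.foo.com": ["shop.foo.com"]}  # cert bound for the custom domain


def resolve(name):
    """Follow the CNAME chain to the endpoint the client actually connects to."""
    seen = set()
    while name in CNAMES and name not in seen:
        seen.add(name)
        name = CNAMES[name]
    return name


def san_matches(pattern, host):
    """RFC 6125 style match: '*' only as the whole left-most label, one label wide."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]
    return p == h


def tls_check(requested):
    """Return (endpoint, ok). The reference identity is the requested name,
    never the CNAME target, so DNS redirection cannot make a cert match."""
    endpoint = resolve(requested)
    sans = BINDINGS.get(requested, DEFAULT_SANS)  # server selects cert by SNI
    return endpoint, any(san_matches(s, requested) for s in sans)


if __name__ == "__main__":
    for host in ("mysite.azurewebsites.net", "mytm.trafficmanager.net", "shop.foo.com"):
        endpoint, ok = tls_check(host)
        print(f"{host:26} -> {endpoint:26} {'valid' if ok else 'NAME MISMATCH'}")
```

All three names reach the same endpoint, but only the names covered by a certificate bound on that endpoint validate.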