The Azure Application Gateway is a load balancer with some additional features, such as path-based routing, a web application firewall or SSL termination. However, if the traffic to the backend has to be encrypted also, (it has to be re-encrypted), this is also possible.
However, the setup of re-encrypt differs for version 1 and version 2 applications gateways. The process for version 1 is described in this post.
1. Generate SSL Certificate (here on Windows)
The first step is optional if the certificate is generated by a corresponding issuer. A self-signed certificate should serve as an example here. The creation is easy and goes directly in the IIS.
![](https://blog.zuehlke.cloud/wp-content/uploads/2023/05/iis-create-sscert1.png)
![](https://blog.zuehlke.cloud/wp-content/uploads/2023/05/iis-create-sscert2.png)
![](https://blog.zuehlke.cloud/wp-content/uploads/2023/05/iis-create-sscert3-1024x775.png)
2. Export Certificate
The second step is to export the certificate. It is only important that the certificate is exported as Base-64 CER-file. The key does not have to be exported. Application gateway only needs the public key of the certificate. The process is simple in IIS:
![](https://blog.zuehlke.cloud/wp-content/uploads/2023/05/iis-export-sscert1.png)
![](https://i1.wp.com/blog.zuehlke.cloud/wp-content/uploads/2023/05/iis-export-sscert2.png?fit=676%2C456&ssl=1)
![](https://i1.wp.com/blog.zuehlke.cloud/wp-content/uploads/2023/05/iis-export-sscert3.png?fit=676%2C448&ssl=1)
3. Configure Application Gateway with the exported Certificate
The last step is to configure the application gateway. In order to configure the backend re-encryption, the HTTP settings must be switched to HTTPS (Port 443) and the exported certificate must be uploaded. The name of the certificate is automatic changed to a unique internal name that begins with back-setting.
If the settings are correct and the backend is responding on port 443, it is displayed as healthy unter the blade backend health.
![](https://i1.wp.com/blog.zuehlke.cloud/wp-content/uploads/2023/05/iis-appgwv1-config1.png?fit=676%2C302&ssl=1)
![](https://blog.zuehlke.cloud/wp-content/uploads/2023/05/iis-appgwv1-config2.png)
1 Pingback