Merge pull request #185008 from duongau/patch-2

PRMerger20 · web-flow · commit 0e5ae5d6c9e3 · 2022-01-13T11:16:00.000-08:00
AFD end-to-end TLS - update text for disabling cert name check
diff --git a/articles/frontdoor/concept-end-to-end-tls.md b/articles/frontdoor/concept-end-to-end-tls.md
@@ -47,7 +47,7 @@ For HTTPS connections, Azure Front Door expects that your backend presents a cer
 > [!NOTE]
 > The certificate must have a complete certificate chain with leaf and intermediate certificates. The root CA must be part of the [Microsoft Trusted CA List](https://ccadb-public.secure.force.com/microsoft/IncludedCACertificateReportForMSFT). If a certificate without complete chain is presented, the requests which involve that certificate are not guaranteed to work as expected.
 
-From a security standpoint, Microsoft doesn't recommend disabling certificate subject name check. In certain use cases such as for testing, for example, your origin must use a self-signed certificate. As a work-around to resolve failing HTTPS connection, can you disable certificate subject name check for your Azure Front Door. The option to disable is present under the Azure Front Door settings in the Azure portal and on the BackendPoolsSettings in the Azure Front Door API. 
+From a security standpoint, Microsoft doesn't recommend disabling certificate subject name check. In certain use cases such as for testing, as a work-around to resolve failing HTTPS connection, you can disable certificate subject name check for your Azure Front Door. Note that the origin still needs to present a certificate with a valid trusted chain, but doesn't have to match the origin host name. The option to disable is present under the Azure Front Door settings in the Azure portal and on the BackendPoolsSettings in the Azure Front Door API. 
 
 ## Frontend TLS connection (Client to Front Door)
 
