You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/frontdoor/troubleshoot-issues.md
+7-7Lines changed: 7 additions & 7 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -61,17 +61,17 @@ The cause of this issue can be one of three things:
61
61
62
62
The cause of this problem can be one of three things:
63
63
64
-
* The backend pool is an IP address.
65
-
* The backend server returns a certificate that doesn't match the fully qualified domain name (FQDN) of the Azure Front Door backend pool.
66
-
* The backend pool is an Azure Web Apps server.
64
+
* The backend is an IP address.
65
+
* The backend server returns a certificate that doesn't match the fully qualified domain name (FQDN) of the Azure Front Door backend.
66
+
* The backend is an Azure Web Apps server.
67
67
68
68
### Troubleshooting steps
69
69
70
-
* The backend pool is an IP address.
70
+
* The backend is an IP address.
71
71
72
72
`EnforceCertificateNameCheck` must be disabled.
73
73
74
-
Azure Front Door has a switch called `EnforceCertificateNameCheck`. By default, this setting is enabled. When enabled, Azure Front Door checks that the backend pool host name FQDN matches the backend server certificate's certificate name or one of the entries in the subject alternative names extension.
74
+
Azure Front Door has a switch called `EnforceCertificateNameCheck`. By default, this setting is enabled. When enabled, Azure Front Door checks that the backend host name FQDN matches the backend server certificate's certificate name or one of the entries in the subject alternative names extension.
75
75
76
76
- How to disable `EnforceCertificateNameCheck` from the Azure portal:
77
77
@@ -83,12 +83,12 @@ The cause of this problem can be one of three things:
83
83
84
84
:::image type="content" source="./media/troubleshoot-issues/validation-checkbox.png" alt-text="Screenshot of the certificate subject name validation checkbox.":::
85
85
86
-
* The backend server returns a certificate that doesn't match the FQDN of the Azure Front Door backend pool. To resolve this issue, you have two options:
86
+
* The backend server returns a certificate that doesn't match the FQDN of the Azure Front Door backend. To resolve this issue, you have two options:
87
87
88
88
- The returned certificate must match the FQDN.
89
89
-`EnforceCertificateNameCheck` must be disabled.
90
90
91
-
* The backend pool is an Azure Web Apps server:
91
+
* The backend is an Azure Web Apps server:
92
92
93
93
- Check if the Azure web app is configured with IP-based SSL instead of being SNI (server name indication) based. If the web app is configured as IP based, it should be changed to SNI.
94
94
- If the backend is unhealthy because of a certificate failure, a 503 error message is returned. You can verify the health of the backends on ports 80 and 443. If only 443 is unhealthy, it's likely an issue with SSL. Because the backend is configured to use the FQDN, we know it's sending SNI.
![prmerger-automator[bot]](https://avatars.githubusercontent.com/u/22479449?v=4&size=40){kind=avatar}
0 commit comments