Currently we are seeing issues with the app gateway backend going unhealthy due to the backend auth cert. Our current setup includes app gateway v1 SKU integrated with app services having a custom domain enabled. We have the private key .pfx issued by the CA uploaded to app services and its public certificate .cer file uploaded to the app gateway backend authentication as mentioned in this document. We have this setup in multiple places created last year and it all works fine.
For the new setup, we have noticed that the app gateway back-end becomes unhealthy. Error message shown: "Backend server certificate is not whitelisted with Application Gateway." It seems like something changed on the app gateway starting this month.
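The error above is what App Gateway v1 reports when the leaf certificate the backend presents does not byte-for-byte match any uploaded backend authentication .cer. The script below is an added diagnostic, not from this thread or from Microsoft, that compares the SHA-256 fingerprint of the uploaded .cer (PEM or DER) with the certificate actually served for the custom host name; it assumes openssl is installed, and the host name and file paths are placeholders.

```shell
#!/usr/bin/env bash
# Added example: check that the .cer uploaded to App Gateway v1 backend authentication
# matches the leaf certificate the backend actually serves for the custom domain.
# Assumes openssl is on PATH; "app.example.invalid" and file paths are placeholders.
set -euo pipefail

# SHA-256 fingerprint of a certificate file in PEM or DER form (App Service exports .cer as DER).
cert_fingerprint() {
  local file=$1 form=PEM
  grep -q 'BEGIN CERTIFICATE' "$file" 2>/dev/null || form=DER
  openssl x509 -in "$file" -inform "$form" -noout -fingerprint -sha256 | sed 's/^.*=//'
}

# Fingerprint of the leaf certificate a backend presents for a given SNI host name.
# Needs network access; run it against the custom domain, not the azurewebsites.net name.
served_fingerprint() {
  local host=$1 port=${2:-443}
  openssl s_client -connect "$host:$port" -servername "$host" </dev/null 2>/dev/null \
    | openssl x509 -noout -fingerprint -sha256 | sed 's/^.*=//'
}

# Compare two fingerprints; prints "match" when the uploaded .cer is the served leaf cert.
compare_fingerprints() {
  if [ "$1" = "$2" ]; then echo match; else echo MISMATCH; fi
}

# Offline demo: a constructed self-signed cert stands in for the CA-issued one, exported to
# DER as App Service does, then both forms are compared the way the live check would be.
demo() {
  local dir; dir=$(mktemp -d)
  openssl req -x509 -newkey rsa:2048 -nodes -keyout "$dir/key.pem" -out "$dir/cert.pem" \
    -days 1 -subj "/CN=app.example.invalid" >/dev/null 2>&1
  openssl x509 -in "$dir/cert.pem" -outform DER -out "$dir/backend.cer"
  compare_fingerprints "$(cert_fingerprint "$dir/cert.pem")" "$(cert_fingerprint "$dir/backend.cer")"
  rm -rf "$dir"
}

demo
# Live check (placeholder host): compare_fingerprints "$(cert_fingerprint backend.cer)" "$(served_fingerprint app.example.invalid)"
```

A MISMATCH usually means the backend is serving a different certificate for that SNI name than the one exported (for example after a renewal), so the uploaded .cer must be re-exported from the certificate currently bound.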
@sajithvasu I am not aware of any changes that have been made on the App Gateway side that would make this not work.
If you have properly added the certificate, and the backend pool is pointing to the custom domain (not the azurewebsites.net domain), then your best options are to either try the V2 SKU, or open a support request to troubleshoot further. If you do not have a support plan, please let me know,
@sajithvasu I would continue to work with the support engineers while they look deeper into your authentication certificate. An issue with your configuration needs to be ruled out first.
@TravisCragg-MSFT: I have the same configuration in different places which were built a while ago, and those are working perfectly fine. Our configuration is similar to this article, but we are using the WAF V1 SKU: https://www.domstamand.com/end-to-end-ssl-solution-using-web-apps-and-azure-application-gateway-multisite-hosting/
Can you recreate this scenario in your lab using multi-site and a custom domain on app services with SNI-bound SSL and a cert issued by a different CA than Microsoft (not the default azurewebsites.net)? You may hit this issue.
Hi @TravisCragg-MSFT : Were you able to check this?
I had this same issue. Ended up swapping to App Gateway V2 instead, using the Trusted CA cert option on the backend HTTP settings.
@TravisCragg-MSFT: Any luck? Were you able to reproduce this scenario and check?
@sajithvasu This lab takes quite a long time to set up! I am currently experimenting with different ways to add the backend pools and health probes to find a working configuration. I will let you know what I find.
Most of the best practice documentation involves the V2 SKU and not the V1.
@TravisCragg-MSFT : Thank you! I will wait for the outcome. Just FYI: it worked fine for me with a new setup in September with the V1 SKU. This month, for a new environment build, we started encountering this problem.
@TravisCragg-MSFT : Did you find out anything?
@sajithvasu My apologies for this taking a long time, but there are some strange issues here (as you have already discovered). This will take some time to track down and fix, and the docs will need to be updated with limitations & best practices. I will post any updates here as soon as I have them.
@TravisCragg-MSFT: Thanks for checking this. I will wait for your response. I will clean up some of my older comments to keep it generic to all since the issue has been identified.
I am having the same issue with App GW v1 in front of an API Management. I just set it up and cannot get the health probe for HTTPS healthy. When I use the v2 SKU with the option to trust the backend certificate from APIM, it works. Unfortunately I have to use v1 for this setup.
We are in the same situation as @JeromeVigne: App Gateway v1 as front-end to API Management, the health probe is unhealthy with the "Backend server certificate is not whitelisted with Application Gateway." error. The v2 SKU is not an option at the moment due to lack of UDR support.
@JeromeVigne did you find a solution in your setup?