Azure-docs: Explicit statement re Intermediate Certs would be helpful

Created on 21 Apr 2020 · 3Comments · Source: MicrosoftDocs/azure-docs

If the Trusted Root CA Certificate is a private, offline root CA, which authenticates an online Enterprise CA, do we:
1) Only need to upload the offline root CA cert?
2) Also need to upload the intermediate/Enterprise-CA cert?
3) ONLY upload the Enterprise CA's certificate as the "Trusted Root CA Certificate"?

It appears from the doco above that option 1) is sufficient...but then the doco is using a public GoDaddy cert, which won't match a lot of users' scenarios.

Document Details

⚠ Do not edit this section. It is required for docs.microsoft.com ➟ GitHub issue linking.

ID: 5813d794-d0f4-24dd-077f-e640282329d2
Version Independent ID: fbbc4e6b-6565-4531-f8a7-4e21011e4636
Content: Certificates required to allow backend servers - Azure Application Gateway
Content Source: articles/application-gateway/certificates-for-backend-authentication.md
Service: application-gateway
GitHub Login: @vhorne
Microsoft Alias: absha

Pri2 application-gatewasvc cxp doc-enhancement triaged

Source

jdkrobinson

All 3 comments

@jdkrobinson Thank you for bringing this to our attention. We are investigating and will consider making an update to the document to better reflect the use case outlined.

Mike-Ubezzi-MSFT on 22 Apr 2020

❤1

@jdkrobinson The offline root CA cert should be all that is needed, but The intermediate certificate(s) should be bundled with server certificate and installed on the backend server.

TravisCragg-MSFT on 22 Apr 2020

👍1

@jdkrobinson We will now proceed to close this thread. If there are further questions regarding this matter, please tag me in your reply. We will gladly continue the discussion and we will reopen the issue.

TravisCragg-MSFT on 28 Apr 2020

👍1

Was this page helpful?

0 / 5 - 0 ratings