Azure Application Gateway using wrong certificate

I’ve been building some web infrastructure that makes use of an Azure Application Gateway. The infrastructure is defined as code and deployed using Terraform.

There’s one pool of nodes serving a few sites, which we differentiate using host headers. All standard stuff, and all working well, until we enable the SSL element. At that point both listeners seem to serve up the same certificate regardless of which one is assigned to each, so naturally we see certificate name-mismatch errors.

If you get bitten by this one, make sure you are setting ‘require_sni = true’ on the HTTPS listeners in your Terraform code. The Azure portal switches it on by default when you add a multi-site listener, but it must be explicitly included in the Terraform, otherwise the gateway does not select a certificate by the Server Name Indication the client sends.

If you’re using AzureRM JSON, the attribute is ‘RequireServerNameIndication’.
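As an added illustration (not code from the original post), here is what the listener section of an azurerm_application_gateway resource looks like for two host-header-differentiated sites sharing one backend pool, with the missing setting shown alongside the corrected listener. Resource names, hostnames, certificate file paths and the variable for the PFX password are placeholders.

```hcl
resource "azurerm_application_gateway" "example" {
  # name, resource_group_name, location, sku, gateway_ip_configuration,
  # frontend_ip_configuration, frontend_port, backend pools and rules
  # are omitted here; the names below are placeholders for them.

  ssl_certificate {
    name     = "cert-site-a"
    data     = filebase64("certs/site-a.pfx")   # placeholder path
    password = var.pfx_password                  # placeholder variable
  }

  ssl_certificate {
    name     = "cert-site-b"
    data     = filebase64("certs/site-b.pfx")   # placeholder path
    password = var.pfx_password
  }

  # Broken form: require_sni is omitted, so the listener is a basic one and
  # the gateway presents one certificate to every client on port 443,
  # whichever host the client asked for.
  #
  # http_listener {
  #   name                           = "listener-site-a"
  #   frontend_ip_configuration_name = "public-frontend"
  #   frontend_port_name             = "port-443"
  #   protocol                       = "Https"
  #   host_name                      = "a.example.com"
  #   ssl_certificate_name           = "cert-site-a"
  # }

  # Corrected form: require_sni = true makes this a multi-site listener, so
  # the gateway matches on the SNI the client sends and serves the
  # certificate bound to that listener.
  http_listener {
    name                           = "listener-site-a"
    frontend_ip_configuration_name = "public-frontend"
    frontend_port_name             = "port-443"
    protocol                       = "Https"
    host_name                      = "a.example.com"
    ssl_certificate_name           = "cert-site-a"
    require_sni                    = true
  }

  http_listener {
    name                           = "listener-site-b"
    frontend_ip_configuration_name = "public-frontend"
    frontend_port_name             = "port-443"
    protocol                       = "Https"
    host_name                      = "b.example.com"
    ssl_certificate_name           = "cert-site-b"
    require_sni                    = true
  }
}
```

After applying, you can confirm each listener hands out its own certificate with ‘openssl s_client -connect <gateway-ip>:443 -servername a.example.com’ (and again with b.example.com) and comparing the subject of the certificate returned.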

The official lowdown is here
