Assigning a Certificate to the Application Gateway
To prevent a security certificate error when you connect to Cloud Access Manager over HTTPS through the public IP address, you can assign a certificate to the application gateway within the Microsoft Azure portal. You need to create a new basic listener in the application gateway, upload a PFX file, and then edit the rule associated with that listener.
Prerequisites Required to Assign a Certificate
The following section outlines prerequisite information required to successfully assign a certificate to the application gateway:
- You are required to have a certificate that is signed and validated. It must be signed by a root certificate that the client trusts. You will need to upload this certificate, in a PFX format, to the Microsoft Azure portal.
- DNS needs to be set up so that the host name you use, 'cam.example.com' for example, is registered to the public IP address of the application gateway.
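A pre-upload check of the PFX against the prerequisites above, as an added example that is not part of the original documentation. The function names, the `PFX_PASS` environment variable and the self-signed sample certificate are assumptions made for illustration; the check covers the password, the private key, the host name and expiry, not the trust chain.

```shell
#!/bin/sh
# Added example: pre-upload checks for the listener's PFX file.
# The PFX password is read from the PFX_PASS environment variable (an
# assumption of this example) so it does not appear in the process list.

# check_pfx <file.pfx> <hostname>
# Returns 0 if usable, 1 bad password or file, 2 no private key,
# 3 host name mismatch, 4 expired. Chain trust is not checked here.
check_pfx() {
    pfx=$1; host=$2
    # 1. The password must open the file and yield the leaf certificate.
    cert=$(openssl pkcs12 -in "$pfx" -passin env:PFX_PASS -nokeys -clcerts 2>/dev/null) ||
        { echo "cannot open $pfx: wrong password or not a PFX" >&2; return 1; }
    # 2. The gateway terminates TLS, so the private key must be in the PFX.
    openssl pkcs12 -in "$pfx" -passin env:PFX_PASS -nocerts -nodes 2>/dev/null |
        grep -q 'PRIVATE KEY' ||
        { echo "no private key in $pfx" >&2; return 2; }
    # 3. The certificate must cover the DNS name clients will browse to.
    printf '%s\n' "$cert" | openssl x509 -noout -checkhost "$host" 2>/dev/null |
        grep -q 'does match' ||
        { echo "certificate does not cover $host" >&2; return 3; }
    # 4. The certificate must not already be expired.
    printf '%s\n' "$cert" | openssl x509 -noout -checkend 0 >/dev/null 2>&1 ||
        { echo "certificate has expired" >&2; return 4; }
    return 0
}

# make_sample_pfx <dir> <hostname>
# Builds a constructed, self-signed PFX purely as test input for check_pfx.
# A real listener certificate must be signed by a root the client trusts.
make_sample_pfx() {
    dir=$1; host=$2
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=$host" \
        -addext "subjectAltName=DNS:$host" \
        -keyout "$dir/key.pem" -out "$dir/cert.pem" 2>/dev/null &&
    openssl pkcs12 -export -inkey "$dir/key.pem" -in "$dir/cert.pem" \
        -passout env:PFX_PASS -out "$dir/sample.pfx"
}
```

Export `PFX_PASS` in the calling shell, then run `check_pfx yourfile.pfx cam.example.com` before uploading the file in the listener step.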
Creating a New Listener
This section outlines the steps involved in creating a new listener using the Microsoft Azure portal:
- From the Microsoft Azure portal, click the resource groups icon and select the resource group of the Cloud Access Manager connection service you wish to modify.
- Click on CAM-ApplicationGateway, where is the number of the connection service.
- Click Listeners to display the listeners associated with that resource group.
- Click Basic to create a new listener and open the Add basic listener input fields.
- Enter a name for your new listener.
- Select appGatewayFrontendIP as the Frontend IP configuration.
- Select the port you want to use. For a quicker connection and easier setup, it is recommended that you use another port besides 443. You can update it back to 443 after the listener has been changed in the rule.
- Click HTTPS as the Protocol.
- Click +New to upload and name the certificate. You must enter the password you used when you created the certificate. The certificate has to be in a PFX format.
- Click OK.
Editing the Path-Based Rule
It can take several minutes for the new listener to be created. Once you have the new listener successfully created you need to edit the rule to point to your new listener, as shown in the following steps:
- From the Microsoft Azure portal click the resource groups icon and select the resource group you used when deploying Cloud Access Manager.
- Click applicationGateway1 to display the settings and components of the gateway.
- Click Rules from the settings menu to display the rules associated with the gateway.
- Click the rule you want to edit and click Edit from the rule options page.
- Change the Listener option to the listener you created and click Save.
Once the application gateway changes have been saved successfully, you can access Cloud Access Manager over a secure connection at the port number you chose above. You are taken directly to the Cloud Access Manager sign-in page. Go back and change the original listener to another port, and then change the port of the new listener to 443.