I am trying to move our API Management instance behind the application gateway. I created a private DNS zone on which the API Management etc. is listening. I created self-signed certificates for this private DNS zone.
I uploaded the root certificate to the certificates tab under security, as well as under the HTTP(S) settings tab of the application gateway. However, my custom health probe and health check keep mentioning that the CN name does not match that of the backend.
I have to mention that the hostname of the listener is a different hostname (our public domain name) than the hostname I used on the private DNS zone. Is this a problem?
CodePudding user response:
You have to add the same custom domain used by Application Gateway to the API Management service.
API Management is a multi-site service, so it does not respond to custom host names that are not defined under its custom domains, because it simply does not know to which component/site it has to route the incoming request. Also, the same .CER certificate extracted from the PFX certificate uploaded to API Management should be added to the backend HTTP settings for whitelisting purposes if you chose end-to-end SSL encryption; if you add a different certificate you will get a certificate mismatch error.
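The two conditions described in the answer above, as an added example that is not part of the original post or any Azure tooling: a simplified model that checks whether the hostname the gateway sends is both a custom domain on API Management and covered by the backend certificate's CN/SAN. All hostnames are constructed placeholders, and the first scenario assumes the listener hostname is forwarded to the backend unchanged.

```python
# Added example: simplified model of the two checks that must both pass for
# the hostname Application Gateway sends to the API Management backend.
# All hostnames are constructed placeholders, not values from the post.

def name_matches(pattern: str, host: str) -> bool:
    """Match a certificate CN/SAN entry against a hostname.
    A wildcard is honoured only as the entire left-most label."""
    p, h = pattern.lower().rstrip("."), host.lower().rstrip(".")
    if not p.startswith("*."):
        return p == h
    p_labels, h_labels = p.split("."), h.split(".")
    # "*.example.com" covers exactly one extra label, never the bare zone.
    return len(p_labels) == len(h_labels) and p_labels[1:] == h_labels[1:]

def diagnose(sent_host, apim_custom_domains, cert_names):
    """Return the list of problems for the hostname the gateway sends."""
    problems = []
    if sent_host.lower() not in (d.lower() for d in apim_custom_domains):
        problems.append("host not defined as an API Management custom domain")
    if not any(name_matches(n, sent_host) for n in cert_names):
        problems.append("certificate CN/SAN does not match host")
    return problems

PUBLIC_HOST = "api.example.com"          # listener hostname (constructed)
PRIVATE_HOST = "apim.internal.example"   # private DNS zone name (constructed)

# label -> (host sent to backend, APIM custom domains, names in backend cert)
SCENARIOS = {
    # Assumption: listener hostname reaches a backend that only knows the
    # private name and presents a certificate issued for that private name.
    "public host, private-only backend":
        (PUBLIC_HOST, [PRIVATE_HOST], [PRIVATE_HOST]),
    # The answer's fix: same custom domain on APIM, certificate issued for it.
    "public host, same custom domain on APIM":
        (PUBLIC_HOST, [PUBLIC_HOST, PRIVATE_HOST], [PUBLIC_HOST]),
    # Wildcard certificate covering the public zone.
    "public host, wildcard cert":
        (PUBLIC_HOST, [PUBLIC_HOST], ["*.example.com"]),
}

def run():
    return {label: diagnose(*args) for label, args in SCENARIOS.items()}

if __name__ == "__main__":
    for label, problems in run().items():
        print(f"{label}: {'OK' if not problems else '; '.join(problems)}")
```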