Azure App Service Environment ILB - Support for Internal Certificate Authorities
Currently the documentation for Azure App Service Environment with ILB claims it supports internal certificate authorities.
As part of the documentation it is recommended that a user bundles their server auth certificate with the full certificate chain - thus producing a PFX file or base64 encoding it and uploading through powershell.
However when testing with OpenSSL or on an iOS device, the first request never sees the full certificate chain and fails with "invalid server certificate". It is on a subsequent request the full chain is delivered - leaving users to hit refresh once in their browser to load a site.
It is common for internal certificate authorities to use intermediate certificates as part of their certificate chain. The full chain should be persisted throughout the ASE and it's app services, and delivered on every request.
Thanks for the request! We’re looking to improve the overall certificate experience within ILB ASEs.