Azure Front Door support for self-signed certificates on backend origins
It would be great to be able to use self-signed certificates on the backend pool VMs, Cloud Services, etc., but continue to use a Public CA signed certificate for the Frontend host.
Especially for Dev/Test environments where the default *.azurefd.net front-end domain/certificate is suitable for testing purposes and traffic to the back-end pool should be across HTTPS. It would save needing to buy and install certificates for dev/test environments.
Or, perhaps long-life "origin certs" could be issued by Front Door to be used on the back-end pool. Similar to Cloudflare's Origin Certs concept where the issued certs are trusted by Front Door, but not normal browsers.
This feature would be very helpful for our IoT API, where the cert is embedded within the firmware, so that checking the certificate is not necessary in that scenario.
Rajarshi Singh commented
We need support for self-signed certs as well.
The Cloud Services, supported by Azure Front Door, are hosted on the cloudapp.net domain, which does not have HTTPS and does not allow issuing an SSL certificate for any subdomain. A self-signed certificate is the only option there.
PS. Of course, you can buy some intermediate custom domain, buy a valid certificate for it, map this domain to your app.cloudapp.net and configure this intermediate domain as the backend in Azure Front Door (with your real custom domain) - but this is a bit of over-engineering...