
Azure Application Gateway - Multiple SSL Certificates?

Tags: ssl, azure

Is it possible to set multiple Domains to point to an Azure Application Gateway Public IP and then upload SSL Certificates for each one that can then Offload on the Application Gateway?

For example, if we'd like to have 200 LetsEncrypt certificates uploaded and terminating at the gateway, then forwarding traffic onto the internal VM IPs.

Marcus asked Sep 25 '22 21:09


1 Answer

Is it possible to set multiple Domains to point to an Azure Application Gateway Public IP and then upload SSL Certificates for each one that can then Offload on the Application Gateway?

Yes, it is possible to set multiple domains to point to an Azure Application Gateway Public IP.

It is also possible to upload SSL certificates for each one so that Application Gateway offloads it.

However, there are limits. Please read below.

According to https://learn.microsoft.com/en-us/azure/azure-subscription-service-limits#application-gateway-limits you can upload a maximum of 20 certificates to a single Application Gateway resource, and only one certificate per HTTP listener.

You can, however, generate a SAN certificate through LetsEncrypt and have a single certificate for multiple domains:

Can I get a certificate for multiple domain names (SAN certificates or UCC certificates)?

Yes, the same certificate can contain several different names using the Subject Alternative Name (SAN) mechanism.

https://letsencrypt.org/docs/faq/

I do not have experience yet with LetsEncrypt and do not know how to generate a SAN certificate through LetsEncrypt.

We have a SAN certificate (paid) through another company for multiple domains working in Application Gateway.

Alex S answered Oct 21 '22 00:10
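The following is an added example, not part of the original answer and not Microsoft's or Let's Encrypt's code: it packs a list of hostnames into SAN certificates so the total stays within the 20-certificate gateway limit quoted above, and builds a certbot request for each batch. The 100-names-per-certificate figure is an assumption taken from Let's Encrypt's published limits, the `appgw-san-NN` certificate names and `example.com` hosts are placeholders, and the challenge/authenticator options certbot needs are left out.

```python
"""Added example: pack hostnames into SAN certificates for one Application Gateway."""
import re

MAX_CERTS_PER_GATEWAY = 20  # limit quoted in the answer above
MAX_NAMES_PER_CERT = 100    # assumption: Let's Encrypt names-per-certificate limit

_LABEL = re.compile(r"^(?!-)[a-z0-9-]{1,63}(?<!-)$")


def normalize(host):
    """Lower-case, drop a trailing dot, reject anything that is not a plain DNS name.

    Wildcard names are not handled in this example.
    """
    host = host.strip().lower().rstrip(".")
    labels = host.split(".")
    if len(host) > 253 or len(labels) < 2 or not all(_LABEL.match(l) for l in labels):
        raise ValueError(f"not a valid hostname: {host!r}")
    return host


def plan_certificates(hosts, names_per_cert=MAX_NAMES_PER_CERT):
    """Return a list of SAN batches, one batch per certificate to upload."""
    unique = sorted({normalize(h) for h in hosts})  # duplicates would waste SAN slots
    batches = [unique[i:i + names_per_cert] for i in range(0, len(unique), names_per_cert)]
    if len(batches) > MAX_CERTS_PER_GATEWAY:
        raise ValueError(
            f"{len(batches)} certificates needed, gateway allows {MAX_CERTS_PER_GATEWAY}")
    return batches


def certbot_command(index, sans):
    """Build the certbot argument list requesting one certificate that covers `sans`."""
    args = ["certbot", "certonly", "--cert-name", f"appgw-san-{index:02d}"]
    for name in sans:
        args += ["-d", name]
    return args


if __name__ == "__main__":
    # Constructed sample input: 200 placeholder sites, as in the question.
    sites = [f"site{n:03d}.example.com" for n in range(200)]
    for i, sans in enumerate(plan_certificates(sites), start=1):
        print(f"cert {i}: {len(sans)} names, {sans[0]} .. {sans[-1]}")
        print("  " + " ".join(certbot_command(i, sans)[:8]) + " ...")
```

Every name in a SAN certificate is visible to anyone who inspects it, and all names in a batch share one private key, so hostnames that should not be linked or should not share key exposure belong in separate batches.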