This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.

Commit 49e6fd8

committed Apr 2, 2021
fixed formatting issues
1 parent 841c023 commit 49e6fd8

11 files changed, +68 -54 lines changed
 

‎articles/application-gateway/application-gateway-configure-listener-specific-ssl-policy.md

Lines changed: 9 additions & 9 deletions
Original file line number | Diff line number | Diff line change
@@ -1,6 +1,6 @@
11
---
2-
title: Configure listener-specific SSL policies on Azure Application Gateway through Portal
3-
description: Learn how to configure listener-specific SSL policies on Application Gateway through Portal
2+
title: Configure listener-specific SSL policies on Azure Application Gateway through portal
3+
description: Learn how to configure listener-specific SSL policies on Application Gateway through portal
44
services: application-gateway
55
author: mscatyao
66
ms.service: application-gateway
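Review bot: in the new `title` and `description`, "through portal" reads as if an article went missing when the word was lowercased; "in the Azure portal" would be grammatical and would match the body text, which already says "how to use the Azure portal". The same applies to the H1 changed in the next hunk.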
@@ -9,7 +9,7 @@ ms.date: 03/30/2021
99
ms.author: caya
1010
---
1111

12-
# Configure listener-specific SSL policies on Application Gateway through Portal (Preview)
12+
# Configure listener-specific SSL policies on Application Gateway through portal (Preview)
1313

1414
This article describes how to use the Azure portal to configure listener-specific SSL policies on your Application Gateway. Listener-specific SSL policies allow you to configure specific listeners to use different SSL policies from each other. You'll still be able to set a default SSL policy that all listeners will use unless overwritten by the listener-specific SSL policy.
1515

@@ -24,7 +24,7 @@ If you don't have an Azure subscription, create a [free account](https://azure.m
2424

2525
First create a new Application Gateway as you would usually through the portal - there are no additional steps needed in the creation to configure listener-specific SSL policies. For more information on how to create an Application Gateway in portal, check out our [portal quickstart tutorial](./quick-create-portal.md).
2626

27-
## Set up a listener-specific SSL policy on an existing Application Gateway
27+
## Set up a listener-specific SSL policy
2828

2929
To set up a listener-specific SSL policy, you'll need to first go to the **SSL settings (Preview)** tab in the Portal and create a new SSL profile. When you create an SSL profile, you'll see two tabs: **Client Authentication** and **SSL Policy**. The **SSL Policy** tab is to configure a listener-specific SSL policy. The **Client Authentication** tab is where to upload a client certificate(s) for mutual authentication - for more information, check out [Configuring a mutual authentication](./mutual-authentication-portal.md).
3030
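Review bot: shortening the H2 to "Set up a listener-specific SSL policy" changes its generated anchor, so any link that targets the old `#set-up-a-listener-specific-ssl-policy-on-an-existing-application-gateway` fragment needs updating in the same change. The paragraph under it still says "tab in the Portal" with a capital P, which is now inconsistent with the lowercase "portal" this commit applies to the title and H1.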

@@ -45,11 +45,11 @@ To set up a listener-specific SSL policy, you'll need to first go to the **SSL s
4545

4646
7. Select **Add** to save.
4747

48-
> [!NOTE]
49-
> You don't have to configure client authentication on an SSL profile to associate it to a listener. You can have only client authentication configure, or only listener specific SSL policy configured, or both configured in your SSL profile.
50-
51-
![Add listener specific SSL policy to SSL profile](./media/application-gateway-configure-listener-specific-ssl-policy/listener-specific-ssl-policy-ssl-profile.png)
48+
> [!NOTE]
49+
> You don't have to configure client authentication on an SSL profile to associate it to a listener. You can have only client authentication configure, or only listener specific SSL policy configured, or both configured in your SSL profile.
5250
51+
![Add listener specific SSL policy to SSL profile](./media/application-gateway-configure-listener-specific-ssl-policy/listener-specific-ssl-policy-ssl-profile.png)
52+
5353
## Associate the SSL profile with a listener
5454

5555
Now that we've created an SSL profile with a listener-specific SSL policy, we need to associate the SSL profile to the listener to put the listener-specific policy in action.
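Review bot: the NOTE text re-added at new line 49 still carries the errors of the old one: "only client authentication configure" should be "configured", and "listener specific SSL policy" should be hyphenated as "listener-specific" to match the rest of the article. The image at new line 51 is also left without the `> [!div class="mx-imgBorder"]` wrapper that this commit puts around screenshots in the other articles.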
@@ -70,7 +70,7 @@ Now that we've created an SSL profile with a listener-specific SSL policy, we ne
7070

7171
8. Click **Add** to save your new listener with the SSL profile associated to it.
7272

73-
![Associate SSL profile to new listener](./media/mutual-authentication-portal/mutual-authentication-listener-portal.png)
73+
![Associate SSL profile to new listener](./media/mutual-authentication-portal/mutual-authentication-listener-portal.png)
7474

7575
## Next steps
7676
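Review bot: the screenshot at line 73 is loaded from `./media/mutual-authentication-portal/`, the media folder of a different article; confirm it really shows a listener with a listener-specific SSL policy profile selected, or add a dedicated image under this article's own media folder. It also lacks the `mx-imgBorder` wrapper used elsewhere in this commit.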

‎articles/application-gateway/mutual-authentication-certificate-management.md

Lines changed: 33 additions & 20 deletions
@@ -27,73 +27,85 @@ The following steps help you export the .pem or .cer file for your certificate:
2727

2828
1. To obtain a .cer file from the certificate, open **Manage user certificates**. Locate the certificate, typically in 'Certificates - Current User\Personal\Certificates', and right-click. Click **All Tasks**, and then click **Export**. This opens the **Certificate Export Wizard**. If you can't find the certificate under Current User\Personal\Certificates, you may have accidentally opened "Certificates - Local Computer", rather than "Certificates - Current User"). If you want to open Certificate Manager in current user scope using PowerShell, you type *certmgr* in the console window.
2929

30-
![Screenshot shows the Certificate Manager with Certificates selected and a contextual menu with All tasks, then Export selected.](./media/certificates-for-backend-authentication/export.png)
30+
> [!div class="mx-imgBorder"]
31+
> ![Screenshot shows the Certificate Manager with Certificates selected and a contextual menu with All tasks, then Export selected.](./media/certificates-for-backend-authentication/export.png)
3132
3233
2. In the Wizard, click **Next**.
33-
34-
![Export certificate](./media/certificates-for-backend-authentication/exportwizard.png)
34+
> [!div class="mx-imgBorder"]
35+
> ![Export certificate](./media/certificates-for-backend-authentication/exportwizard.png)
3536
3637
3. Select **No, do not export the private key**, and then click **Next**.
37-
38-
![Do not export the private key](./media/certificates-for-backend-authentication/notprivatekey.png)
38+
> [!div class="mx-imgBorder"]
39+
> ![Do not export the private key](./media/certificates-for-backend-authentication/notprivatekey.png)
3940
4041
4. On the **Export File Format** page, select **Base-64 encoded X.509 (.CER).**, and then click **Next**.
41-
42-
![Base-64 encoded](./media/certificates-for-backend-authentication/base64.png)
42+
> [!div class="mx-imgBorder"]
43+
> ![Base-64 encoded](./media/certificates-for-backend-authentication/base64.png)
4344
4445
5. For **File to Export**, **Browse** to the location to which you want to export the certificate. For **File name**, name the certificate file. Then, click **Next**.
4546

46-
![Screenshot shows the Certificate Export Wizard where you specify a file to export.](./media/certificates-for-backend-authentication/browse.png)
47+
> [!div class="mx-imgBorder"]
48+
> ![Screenshot shows the Certificate Export Wizard where you specify a file to export.](./media/certificates-for-backend-authentication/browse.png)
4749
4850
6. Click **Finish** to export the certificate.
4951

50-
![Screenshot shows the Certificate Export Wizard after you complete the file export.](./media/certificates-for-backend-authentication/finish.png)
52+
> [!div class="mx-imgBorder"]
53+
> ![Screenshot shows the Certificate Export Wizard after you complete the file export.](./media/certificates-for-backend-authentication/finish.png)
5154
5255
7. Your certificate is successfully exported.
5356

54-
![Screenshot shows the Certificate Export Wizard with a success message.](./media/certificates-for-backend-authentication/success.png)
57+
> [!div class="mx-imgBorder"]
58+
> ![Screenshot shows the Certificate Export Wizard with a success message.](./media/certificates-for-backend-authentication/success.png)
5559
5660
The exported certificate looks similar to this:
5761

58-
![Screenshot shows a certificate symbol.](./media/certificates-for-backend-authentication/exported.png)
62+
> [!div class="mx-imgBorder"]
63+
> ![Screenshot shows a certificate symbol.](./media/certificates-for-backend-authentication/exported.png)
5964
6065
### Export CA certificate(s) from the public certificate
6166

6267
Now that you've exported your public certificate, you will now export the CA certificate(s) from your public certificate. If you only have a root CA, you'll only need to export that certificate. However, if you have 1+ intermediate CAs, you'll need to export each of those as well.
6368

6469
1. Once the public key has been exported, open the file.
6570

66-
![Open authorization certificate](./media/certificates-for-backend-authentication/openAuthcert.png)
71+
> [!div class="mx-imgBorder"]
72+
> ![Open authorization certificate](./media/certificates-for-backend-authentication/openAuthcert.png)
6773
68-
![about certificate](./media/mutual-authentication-certificate-management/general.png)
74+
> [!div class="mx-imgBorder"]
75+
> ![about certificate](./media/mutual-authentication-certificate-management/general.png)
6976
7077
1. Select the Certification Path tab to view the certification authority.
7178

72-
![cert details](./media/mutual-authentication-certificate-management/certdetails.png)
79+
> [!div class="mx-imgBorder"]
80+
> ![cert details](./media/mutual-authentication-certificate-management/cert-details.png)
7381
7482
1. Select the root certificate and click on **View Certificate**.
7583

76-
![cert path](./media/mutual-authentication-certificate-management/rootcert.png)
84+
> [!div class="mx-imgBorder"]
85+
> ![cert path](./media/mutual-authentication-certificate-management/root-cert.png)
7786
7887
You should see the root certificate details.
7988

80-
![cert info](./media/mutual-authentication-certificate-management/rootcertdetails.png)
89+
> [!div class="mx-imgBorder"]
90+
> ![cert info](./media/mutual-authentication-certificate-management/root-cert-details.png)
8191
8292
1. Select the **Details** tab and click **Copy to File...**
8393

84-
![copy root cert](./media/mutual-authentication-certificate-management/rootcertcopytofile.png)
94+
> [!div class="mx-imgBorder"]
95+
> ![copy root cert](./media/mutual-authentication-certificate-management/root-cert-copy-to-file.png)
8596
8697
1. At this point, you've extracted the details of the root CA certificate from the public certificate. You'll see the **Certificate Export Wizard**. Follow steps 2-7 from the previous section ([Export public certificate](./mutual-authentication-certificate-management.md#export-public-certificate)) to complete the Certificate Export Wizard.
8798

8899
1. Now repeat steps 2-6 from this current section ([Export CA certificate(s) from the public certificate](./mutual-authentication-certificate-management.md#export-ca-certificates-from-the-public-certificate)) for all intermediate CAs to export all intermediate CA certificates in the Base-64 encoded X.509(.CER) format.
89100

90-
![intermediate cert](./media/mutual-authentication-certificate-management/intermediatecert.png)
101+
> [!div class="mx-imgBorder"]
102+
> ![intermediate cert](./media/mutual-authentication-certificate-management/intermediate-cert.png)
91103
92104
For example, you would repeat steps 2-6 from this section on the *MSIT CAZ2* intermediate CA to extract it as its own certificate.
93105

94106
### Concatenate all your CA certificates into one file
95107

96-
15. Run the following command with all the CA certificates you extracted earlier.
108+
1. Run the following command with all the CA certificates you extracted earlier.
97109

98110
Windows:
99111
```console
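Review bot: from new line 80 onward the image paths are renamed as well as wrapped (certdetails.png to cert-details.png, rootcert.png to root-cert.png, and likewise for rootcertdetails, rootcertcopytofile and intermediatecert), so the media files have to be renamed in this same commit or those screenshots will break; the Markdown lines alone do not show that. Every step in the second section is numbered `1.` while the text refers to "steps 2-6" and "steps 2-7", and old line 96 changes from `15.` to `1.`, so check that the rendered numbering still matches those references.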
@@ -107,7 +119,8 @@ Now that you've exported your public certificate, you will now export the CA cer
107119

108120
Your resulting combined certificate should look something like the following:
109121
110-
![combined cert](./media/mutual-authentication-certificate-management/combinedcert.png)
122+
> [!div class="mx-imgBorder"]
123+
> ![combined cert](./media/mutual-authentication-certificate-management/combined-cert.png)
111124

112125
## Next steps
113126
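Review bot: the alt text "combined cert" at new line 123 does not describe the image; use the "Screenshot shows ..." form the export section of this file already uses, for example "Screenshot shows the combined CA certificate chain file". The path also changes to combined-cert.png, so the file rename must ship with this edit.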

‎articles/application-gateway/mutual-authentication-portal.md

Lines changed: 8 additions & 7 deletions
@@ -1,6 +1,6 @@
11
---
2-
title: Configure mutual authentication on Azure Application Gateway through Portal
3-
description: Learn how to configure an Application Gateway to have mutual authentication through Portal
2+
title: Configure mutual authentication on Azure Application Gateway through portal
3+
description: Learn how to configure an Application Gateway to have mutual authentication through portal
44
services: application-gateway
55
author: mscatyao
66
ms.service: application-gateway
@@ -9,7 +9,7 @@ ms.date: 03/30/2021
99
ms.author: caya
1010
---
1111

12-
# Configure mutual authentication with Application Gateway through Portal (Preview)
12+
# Configure mutual authentication with Application Gateway through portal (Preview)
1313

1414
This article describes how to use the Azure portal to configure mutual authentication on your Application Gateway. Mutual authentication means Application Gateway authenticates the client sending the request using the client certificate you upload onto the Application Gateway.
1515

@@ -25,7 +25,7 @@ To learn more, especially about what kind of client certificates you can upload,
2525

2626
First create a new Application Gateway as you would usually through the portal - there are no additional steps needed in the creation to enable mutual authentication. For more information on how to create an Application Gateway in portal, check out our [portal quickstart tutorial](./quick-create-portal.md).
2727

28-
## Configure mutual authentication on an existing Application Gateway
28+
## Configure mutual authentication
2929

3030
To configure an existing Application Gateway with mutual authentication, you'll need to first go to the **SSL settings (Preview)** tab in the Portal and create a new SSL profile. When you create an SSL profile, you'll see two tabs: **Client Authentication** and **SSL Policy**. The **Client Authentication** tab is where you'll upload your client certificate(s). The **SSL Policy** tab is to configure a listener specific SSL policy - for more information, check out [Configuring a listener specific SSL policy](./application-gateway-configure-listener-specific-ssl-policy.md).
3131
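Review bot: with the H2 shortened to "Configure mutual authentication", the paragraph directly below still begins "To configure an existing Application Gateway with mutual authentication", so heading and body now disagree on scope; align one with the other. That paragraph also keeps "in the Portal" capitalised, and links that target the old heading's anchor will need updating.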

@@ -52,8 +52,8 @@ To configure an existing Application Gateway with mutual authentication, you'll
5252
7. Consider adding a listener specific policy. See instructions at [setting up listener specific SSL policies](./application-gateway-configure-listener-specific-ssl-policy.md).
5353

5454
8. Select **Add** to save.
55-
56-
![Add client authentication to SSL profile](./media/mutual-authentication-portal/mutual-authentication-portal.png)
55+
> [!div class="mx-imgBorder"]
56+
> ![Add client authentication to SSL profile](./media/mutual-authentication-portal/mutual-authentication-portal.png)
5757
5858
## Associate the SSL profile with a listener
5959
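Review bot: the blank line that separated step 8 from the image (old line 55) is removed, so the `> [!div class="mx-imgBorder"]` block now follows "8. Select **Add** to save." directly, whereas the listener hunk further down (lines 77-79) keeps a blank line before its image block. Keep the blank line here too so both screenshots render the same way.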

@@ -75,7 +75,8 @@ Now that we've created an SSL profile with mutual authentication configured, we
7575

7676
8. Click **Add** to save your new listener with the SSL profile associated to it.
7777

78-
![Associate SSL profile to new listener](./media/mutual-authentication-portal/mutual-authentication-listener-portal.png)
78+
> [!div class="mx-imgBorder"]
79+
> ![Associate SSL profile to new listener](./media/mutual-authentication-portal/mutual-authentication-listener-portal.png)
7980
8081
## Renew expired client CA certificates
8182

‎articles/application-gateway/mutual-authentication-powershell.md

Lines changed: 16 additions & 16 deletions
@@ -138,26 +138,26 @@ Remove-AzResourceGroup -Name $rgname
138138
In the case that your client CA certificate has expired, you can update the certificate on your gateway through the following steps:
139139

140140
1. Sign in to Azure
141-
```azurepowershell
142-
Connect-AzAccount
143-
Select-AzSubscription -Subscription "<sub name>"
144-
```
141+
```azurepowershell
142+
Connect-AzAccount
143+
Select-AzSubscription -Subscription "<sub name>"
144+
```
145145
2. Get your Application Gateway configuration
146-
```azurepowershell
147-
$gateway = Get-AzApplicationGateway -Name "<gateway-name>" -ResourceGroupName "<resource-group-name>"
148-
```
146+
```azurepowershell
147+
$gateway = Get-AzApplicationGateway -Name "<gateway-name>" -ResourceGroupName "<resource-group-name>"
148+
```
149149
3. Remove the trusted client certificate from the gateway
150-
```azurepowershell
151-
Remove-AzApplicationGatewayTrustedClientCertificate -Name "<name-of-client-certificate>" -ApplicationGateway $gateway
152-
```
150+
```azurepowershell
151+
Remove-AzApplicationGatewayTrustedClientCertificate -Name "<name-of-client-certificate>" -ApplicationGateway $gateway
152+
```
153153
4. Add the new certificate onto the gateway
154-
```azurepowershell
155-
Add-AzApplicationGatewayTrustedClientCertificate -ApplicationGateway $gateway -Name "<name-of-new-cert>" -CertificateFile "<path-to-certificate-file>"
156-
```
154+
```azurepowershell
155+
Add-AzApplicationGatewayTrustedClientCertificate -ApplicationGateway $gateway -Name "<name-of-new-cert>" -CertificateFile "<path-to-certificate-file>"
156+
```
157157
5. Update the gateway with the new certificate
158-
```azurepowershell
159-
Set-AzApplicationGateway -ApplicationGateway $gateway
160-
```
158+
```azurepowershell
159+
Set-AzApplicationGateway -ApplicationGateway $gateway
160+
```
161161
162162
## Next steps
163163
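Review bot: steps 3 and 4 do not say that `Remove-AzApplicationGatewayTrustedClientCertificate` and `Add-AzApplicationGatewayTrustedClientCertificate` only edit the local `$gateway` object and that the deployed gateway is unchanged until `Set-AzApplicationGateway` in step 5; one sentence to that effect would stop readers from assuming the expired CA certificate is already gone after step 3. The step 1 placeholder `"<sub name>"` is also styled differently from the hyphenated `"<gateway-name>"` and `"<resource-group-name>"` used in step 2.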

‎articles/application-gateway/mutual-authentication-troubleshooting.md

Lines changed: 2 additions & 2 deletions
@@ -111,8 +111,8 @@ There are two potential causes behind this error code.
111111
#### Solution
112112

113113
Depending on the cause of this error, there are two potential solutions.
114-
1. Validate that the certificate chain uploaded was in the right format (PEM) and that the certificate data was properly delimited.
115-
2. Check that the certificate file uploaded contained the certificate data in addition to the delimiters.
114+
* Validate that the certificate chain uploaded was in the right format (PEM) and that the certificate data was properly delimited.
115+
* Check that the certificate file uploaded contained the certificate data in addition to the delimiters.
116116

117117
### Error code: ApplicationGatewayTrustedClientCertificateDoesNotContainAnyCACertificate
118118
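Review bot: switching lines 114-115 from a numbered list to bullets is fine, but neither bullet says what "properly delimited" means or which of the "two potential causes" it addresses. Consider naming the PEM delimiters (`-----BEGIN CERTIFICATE-----` and `-----END CERTIFICATE-----`) in the first bullet and tying each bullet to its cause.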
