
I have one Azure app service (App Service A) configured with private endpoints, within which I have an API (API 1). Additionally, I have another Azure Cloud Service (extended support) (App Service B), which is a public/normal Azure app service. My objective is to establish a connection to API 1 from App Service B. Both app services reside in the same VNet.

I’ve come across a similar post with the same query but couldn’t find the actual solution. When attempting to call the private endpoint (https://testprivateendpoint.privatelink.azurewebsites.com), I encounter exceptions:

  1. AuthenticationException: The remote certificate is invalid according to the validation procedure.
  2. WebException: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.
  3. HttpRequestException: An error occurred while sending the request.

2 Answers


  1. Chosen as BEST ANSWER

    Figured out what I was doing wrong. Basically, instead of using https://testprivateendpoint.privatelink.azurewebsites.com, I have to use https://testprivateendpoint.azurewebsites.com.


  2. Check that DNS resolution is set up to resolve the private endpoint URL to its private IP.

    App Service B does not seem to trust the cert presented by API 1. Is the cert self-signed?

    You may have to handle the cert validation in your App Service B code, but this is considered insecure due to the risk of MitM attacks.

    Hope this helps.

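The two checks the answers point at (which host name the certificate covers, and whether DNS returns a private address), as an added example that is not from the original posts. It assumes the site presents a wildcard certificate for its default domain and that the VNet uses RFC 1918 address space; the SAN list, the IP addresses and the function names are constructed for illustration.

```python
import ipaddress

# Assumption: the VNet is addressed from RFC 1918 space.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def san_matches(hostname: str, pattern: str) -> bool:
    """Match a host name against one certificate SAN entry.

    A '*' is honoured only as the entire left-most label and stands for
    exactly one label, so it never spans an extra 'privatelink.' level.
    """
    host = hostname.lower().rstrip(".").split(".")
    pat = pattern.lower().rstrip(".").split(".")
    if len(host) != len(pat):
        return False
    if pat[0] == "*":
        return len(pat) > 2 and host[0] != "" and host[1:] == pat[1:]
    return host == pat

def diagnose(url_host: str, resolved_ip: str, sans: list) -> list:
    """Return findings for one outbound HTTPS call (empty list means OK)."""
    findings = []
    if not any(san_matches(url_host, s) for s in sans):
        # The client will reject the certificate for this URL host.
        findings.append("name-mismatch")
    addr = ipaddress.ip_address(resolved_ip)
    if not any(addr in net for net in RFC1918):
        # Traffic would leave the VNet instead of using the private endpoint.
        findings.append("dns-not-private")
    return findings

# Constructed sample data (assumed certificate SAN and DNS answers).
SANS = ["*.azurewebsites.com"]
CASES = [
    ("testprivateendpoint.privatelink.azurewebsites.com", "10.0.1.4"),
    ("testprivateendpoint.azurewebsites.com", "10.0.1.4"),
    ("testprivateendpoint.azurewebsites.com", "203.0.113.10"),
]

if __name__ == "__main__":
    for host, ip in CASES:
        print(f"{host} -> {ip}: {diagnose(host, ip, SANS) or 'ok'}")
```

The first case reproduces the certificate error from the question without touching certificate validation; the second is the working configuration from the accepted answer.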