| Cloud Vendor | Microsoft Azure |
| Proficiency Level | Cloud Enthusiast |
| Tags | Application GatewayCertificatesLoad BalancerWeb Server |
Summary
In this lab, you will configure HTTPS Listener in an Application Gateway in Microsoft Azure. You will upload a self-signed certificate to the Application Gateway and will disable the HTTP listener to allow only secure traffic.
Each exercise below builds upon the previous one. You should start each new exercise from the last step of the previous exercise unless it is explicitly written otherwise.
Learning Objectives
After completion of this lab, you will be able to:
- Upload a self-signed certificate to an Application Gateway in Microsoft Azure
- Configure and HTTPS Listener on the Application Gateway to enable secure Web traffic
- Disable the HTTP Listener on the Application Gateway to avoid unsecured traffic
Prerequisites
To complete this lab, you will need the following:
- Reliable internet connection
- A work, school or personal Microsoft Account used to access Microsoft Azure Management Portal
- A subscription for Microsoft Azure
- You will need to complete one of the Creating a Self-Signed Certificate on Mac OS X or Creating a Self-Signed Certificate on Windows 10 labs
- You will need to complete the Creating an Application Gateway in Microsoft Azure lab
Exercise #1: Add an HTTPS Listener in Azure Application Gateway
In this exercise, you will add an HTTPS Listener in the Application Gateway in Microsoft Azure.
Steps
- Sign into the Microsoft Azure Management Portal at http://portal.azure.com using your Microsoft Account
- Click on the
button in the left-hand navigation - Find the
networkinglab01-rgand click on it - From the list of resources in the
networkinglab01-rgresource group, find thenetworkinglab01-agApplication Gateway and click on it - Click on the
button in the Application Gateway blade - Click on the
button on the top of the Listeners blade - In the Add basic listener blade, fill in the following information in the form:
Listener name:https-listener
Frontend IP:Public
Port:443
Protocol:HTTPS - In the HTTPS Certificate section of the Add basic listener blade, fill in the following information:
Choose a certificate:Upload a certificate
PFX certificate file: Choose the self-signed certificate with PFX extension you have created in the Prerequisites
Certificate name:[uour_name]-self-signed.key.pfx
Password: Type the password for your certificate - Click on the
button - Click on the
button on the top of the blade - Wait until the Application Gateway configuration is saved
- Milestone step: At this point, you have learned how to add an HTTPS Listener to the Application Gateway
Exercise #2: Configure an HTTPS Rule in Azure Application Gateway
In this exercise, you will configure an HTTPS Rule in the Application Gateway in Microsoft Azure.
Steps
- Click on the
button in the Application Gateway blade - Click on the button on the top of the Rules blade
- In the Add basic rule blade, fill in the following information in the form:
Name:https-rule
Listener:https-listener
Backend pool:networkinglab01-ag-bepool
HTTP setting:http-besetting - Click on the
button - Wait until the Application Gateway configuration is saved
- Milestone step: At this point, you have learned how to add an HTTPS Rule to the Application Gateway
Exercise #3: Testing the HTTPS Configuration for Azure Application Gateway
In this exercise, you will test the HTTPS Rule and the certificate that you configured in the Application Gateway in Microsoft Azure.
Steps
- Click on the
button in the Application Gateway blade - Copy the Frontend public IP address from the Overview blade. You will use this IP address in the next step
- Open a new browser window and type the following in the address bar
https://[application_gateway_ip_address] - You will receive a Security Risk warning
- Click on the
button - Click on the View Certificate link
- Milestone step: You should see the information that you have typed during creation of the self-signed certificate
- Click on the
button to close the pop-up window - Click on the
button to continue to the page - Milestone step: At this point, you have learned how to test the HTTPS Rule and the certificate added to the Application Gateway
Exercise #4: Remove the HTTP Rule from Azure Application Gateway
In this exercise, you will remove the HTTP Rule the Application Gateway in Microsoft Azure to disable insecure traffic.
Steps
- Click on the button in the Application Gateway blade
- Click on the
button next to the http-rulerule in the Rules blade - Select Delete from the drop-down menu
- Wait until the Application Gateway configuration is saved
- Milestone step: At this point, you have learned how to remove the HTTP Rule from the Application Gateway
Exercise #5: Testing the HTTPS Configuration for Azure Application Gateway
In this exercise, you will test the HTTPS Rule and the certificate that you configured in the Application Gateway in Microsoft Azure.
Steps
- Click on the button in the Application Gateway blade
- Copy the Frontend public IP address from the Overview blade. You will use this IP address in the next step
- Open a new browser window and type the following in the address bar
http://[application_gateway_ip_address] - You will receive a time-out error from the browser
- Milestone step: At this point, you have learned how to test the removal of the HTTP Rule from the Application Gateway
Last Update: October 25, 2019