A quick blog post to show a fix for the "data for certificate is invalid" error that you may get when applying backend settings within Azure Application Gateway.
Within the Azure Activity log, you may come across this error:
Error code: ApplicationGatewayTrustedRootCertificateInvalidData Message: Data for certificate /subscriptions/04109105-f3ca-44ac-a3a7-66b4936112c3/resourceGroups/ttcloud_aca/providers/Microsoft.Network/applicationGateways/ttcloud-appgw/trustedRootCertificates/cert is invalid.
Reviewing the backend settings in the Application Gateway, we can see the snippet: "For end-to-end SSL encryption, the backends must be in the allowlist of the application gateway. Upload the public certificate of the backend servers to this Backend setting."
You may still be wondering what certificate this is? Let's resolve that 🙂 For the Application Gateway v2 SKU, the root certificate must be in Base-64 encoded X.509 (.CER) format.
I obtained this by using Windows and certmgr, navigating to the required certificate -> double-click and navigate to the certificate path tab – as below, you will see the full certificate path.
Select the root certificate (highlighted above) -> double-click and select the Details tab -> Copy to File
Select Next -> Base-64 encoded X.509 (.CER)
Select Next and choose an appropriate file name.
This is the certificate that you require to fix the "data for certificate is invalid" error.
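A quick check for the exported file, added here as an example and not part of the original post: it reports whether the file is Base-64 encoded or binary DER, and whether issuer and subject match, which is what distinguishes the root from the backend's own certificate. It only reads the certificate structure and does not verify signatures; the sample certificates and the names in them are constructed, with dummy key and signature data.

```python
import base64
import re

PEM_RE = re.compile(rb"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)
def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) of the DER element starting at pos."""
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    length = first
    if first & 0x80:                        # long form: next n bytes hold the length
        n = first & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER data")
    return tag, pos, pos + length

def check_cer(data):
    """Report the file encoding and whether issuer == subject (a root is self-issued)."""
    m = PEM_RE.search(data)
    encoding, der = ("base64", base64.b64decode(m.group(1))) if m else ("der", data)
    if der[:1] != b"\x30":                  # a certificate is a DER SEQUENCE
        raise ValueError("not an X.509 certificate file")
    _, start, _ = read_tlv(der, 0)          # outer Certificate SEQUENCE
    _, pos, end = read_tlv(der, start)      # tbsCertificate SEQUENCE
    fields = []
    while pos < end:
        tag, _, nxt = read_tlv(der, pos)
        if tag != 0xA0:                     # skip the optional [0] version field
            fields.append(der[pos:nxt])
        pos = nxt
    issuer, subject = fields[2], fields[4]  # serial, sigAlg, issuer, validity, subject
    return {"encoding": encoding, "self_issued": issuer == subject}

# Constructed sample data: X.509-shaped DER with a dummy key and signature.
def tlv(tag, body):
    n = len(body)                           # lengths here stay below 256
    return bytes([tag]) + (bytes([n]) if n < 0x80 else bytes([0x81, n])) + body

def sample_cert(issuer_cn, subject_cn):
    name = lambda cn: tlv(0x30, tlv(0x31, tlv(0x30, tlv(0x06, b"\x55\x04\x03") + tlv(0x0C, cn))))
    alg = tlv(0x30, tlv(0x06, bytes.fromhex("2a864886f70d01010b")) + tlv(0x05, b""))
    tbs = tlv(0x30, tlv(0xA0, tlv(0x02, b"\x02")) + tlv(0x02, b"\x01") + alg + name(issuer_cn)
              + tlv(0x30, tlv(0x17, b"240101000000Z") * 2) + name(subject_cn) + tlv(0x30, b""))
    return tlv(0x30, tbs + alg + tlv(0x03, b"\x00"))

ROOT_DER = sample_cert(b"Constructed Root CA", b"Constructed Root CA")
LEAF_DER = sample_cert(b"Constructed Root CA", b"backend.example.test")
ROOT_CER = b"-----BEGIN CERTIFICATE-----\r\n" + base64.encodebytes(ROOT_DER) + b"-----END CERTIFICATE-----\r\n"
```

To check a real export, pass the file's bytes, for example `check_cer(open("root.cer", "rb").read())` where root.cer is a placeholder file name; the result you want is Base-64 encoding with self_issued set to True.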
Thanks for reading, hopefully this has assisted you if you have found this page!