I am trying to move our API Management instance behind the application gateway. I created a private dnszone on which the API management ETC is listening. I created Self Signed certificates for this private DNS zone0.
Uploaded the root certificate to the certificates tabs under security, as well as under the HTTP(s) settings tab of the application gateway. however my custom healt probe keeps mentioning that the CN Name does not match that one of the backend.
Also the backend health mentions:
Received invalid status code: 400 in the backend server’s HTTP response. As per the health probe configuration, 200-399 is the acceptable status code. Either modify probe configuration or resolve backend issues. To learn more visit - https://aka.ms/StatusCodeMismatch.
(this is for the API Management page
I have to mention that hostname of the listener is a different hostname (our public domain name) than the hostname i used on the private DNS Zone. Is this a problem?
[enter image description here][1]
So for example The public hostname for te apim is like apim.mycompany.com,this is set on the listener using our GlobalSign wildcard certificate. then for the backend and HTTP Settings on the gateway i have apim.mycompanycloud.com (private dns zone) with the self signed certificates attached to the appropriate settings.
Hope someone can help me on this :)