When I run SSL query to portal <IP>:443 using open ssl – portal returns only server certificate and not full certificate chain (which should include Intermediate CA and root CA certificate as well).

Azure application gateway consequentially can not compare its own copy of company's Root CA certificate with Root CA certificate sent by backend server (portal in this case).

 This process on the other hand works fine on API gateway – gateway provides full chain and result of comparison with certificate on GW is “match”.

To make SSL encryption work we need to have same behavior on portal as we see on gateway (present full certificate chain).

Is there a solution to the issue ?

Release : 5.0

Component : API PORTAL

azure gateway. 

1. login into dispatcher using docker exec -it <pod id> sh 
2. Navigate to /etc/ngnix
3. Execute: echo "${HTTPD_SSL_KEY}" | base64 -d | openssl pkcs12 -nodes -passin pass:"${HTTPD_SSL_KEY_PASS}" | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > dispatcher.crt
4. cat dispatcher.crt to confirm it is a chain
5. /usr/sbin/nginx -s reload to relaod ngnix 
6. Verify cert chain in the browser by accessing the portal url.