APIM cannot correctly connect to the App Service and returns a 500 error:

Accessing the App Service alone can be successful. A 500 error occurred when accessing through APIM

According to the content in the blog post "Azure API Management Enables Trace for Requests Calling APIM - A Tool for Debugging APIM Policy", after enabling APIM Trace, it was found in Backend The actual error message is:

error message: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.

This error message indicates that the backend service Applicable certificate issues. This error usually occurs when the certificate configured for APIM's backend service is a self-signed certificate instead of a CA certificate. The APIM service is deployed in an Azure service hosted on a PaaS VM running a Windows operating system. Therefore each APIM instance trusts the default root certification authority of all Windows systems. The solution to this problem is:

1: Add a certificate issued by a trusted CA authority to the App Service.

2: Disable certificate chain verification between APIM and back-end App Service. Use New-AzApiManagementBackend or Set-AzApiManagementBackend to set -SkipCertificateChainValidation to True for the backend service configured in APIM.

An example command is:

Set-AzApiManagementBackend: /en-us/powershell/module/az.apimanagement/set-azapimanagementbackend?view=azps-7.3.0&viewFallbackFrom=azps-4.8 .0

New-AzApiManagementBackend: /en-us/powershell/module/az.apimanagement/new-azapimanagementbackend?view=azps-7.3.0&viewFallbackFrom=azps-4.8.0

Troubleshooting 4xx and 5xx Errors with Azure APIM services: munity.microsoft.com/t5/azure-paas-blog/troubleshooting-4xx-and-5xx-errors-with-azure-apim-services/ba-p/2115744

Category: Azure API Management

Tags: APIM, App Service, APIM cannot connect to APP service, Could not establish trust relationship, for the SSL/TLS secure channel