Document Details

Self Signed Certificates
Home / Scan #2 / Self Signed Certificates
Sad Tux - Windows bias detected
This page contains Windows bias

About This Page

This page is part of the Azure documentation. It contains code examples and configuration instructions for working with Azure services.
GitHub View on GitHub 📚 View on Microsoft Learn

Bias Analysis

Detected Bias Types
windows_first
powershell_heavy
windows_tools
missing_linux_example
Summary
The documentation demonstrates a moderate Windows bias. While the main certificate generation workflow uses OpenSSL (cross-platform), Windows tools and patterns are frequently mentioned first or exclusively. The IIS section is more detailed than Linux alternatives, and the only automation example for uploading certificates to Application Gateway is in Azure PowerShell, with no Azure CLI (cross-platform) or ARM/Bicep alternatives. The hosts file editing link is Windows-specific, and some instructions assume a Windows file path structure.
Recommendations
  • Provide Azure CLI examples alongside or before Azure PowerShell for certificate upload and configuration, as CLI is cross-platform.
  • Include Linux/macOS-specific instructions for editing the hosts file (e.g., /etc/hosts), not just a Windows link.
  • Balance the web server configuration sections: give equal detail for Apache and NGINX as for IIS, including links to official documentation for Linux.
  • Use neutral file path examples (e.g., ~/Downloads/contoso.cer or /home/user/contoso.cer) instead of Windows paths (C:\Users\...).
  • Mention that OpenSSL is available on macOS as well as Linux and Windows.
  • If referencing GUI tools or wizards, ensure Linux alternatives are mentioned or clarify if they are Windows-only.
GitHub Create Pull Request

Scan History

Date Scan Status Result
2026-01-14 00:00 #250 in_progress Biased Biased
2026-01-13 00:00 #246 completed Biased Biased
2026-01-12 00:00 #243 cancelled Biased Biased
2026-01-11 00:00 #240 completed Biased Biased
2026-01-10 00:00 #237 completed Biased Biased
2026-01-09 00:34 #234 completed Biased Biased
2026-01-08 00:53 #231 completed Biased Biased
2026-01-06 18:15 #225 cancelled Clean Clean
2025-09-12 00:00 #109 completed Clean Clean
2025-08-12 00:00 #78 cancelled Biased Biased
2025-08-11 00:00 #77 completed Biased Biased
2025-08-10 00:00 #76 completed Biased Biased
2025-08-09 00:00 #75 completed Biased Biased
2025-08-08 00:00 #74 completed Biased Biased
2025-08-07 00:00 #73 completed Biased Biased
2025-08-06 00:00 #72 completed Biased Biased
2025-08-05 00:00 #71 completed Biased Biased
2025-08-04 00:00 #70 cancelled Biased Biased
2025-08-03 00:00 #69 completed Biased Biased
2025-08-02 00:00 #68 cancelled Clean Clean
2025-08-01 00:00 #67 completed Biased Biased
2025-07-31 00:00 #66 completed Clean Clean
2025-07-30 00:00 #65 completed Clean Clean
2025-07-29 00:01 #64 completed Clean Clean
2025-07-28 00:00 #63 completed Clean Clean
2025-07-27 00:00 #62 completed Clean Clean
2025-07-26 00:01 #61 completed Clean Clean
2025-07-13 21:37 #48 completed Biased Biased
2025-07-09 13:09 #3 cancelled Clean Clean
2025-07-08 04:23 #2 cancelled Biased Biased

Flagged Code Snippets

## Add the trusted root certificate to the Application Gateway

$gw=Get-AzApplicationGateway -Name appgwv2 -ResourceGroupName rgOne

Add-AzApplicationGatewayTrustedRootCertificate `
   -ApplicationGateway $gw `
   -Name CustomCARoot `
   -CertificateFile "C:\Users\surmb\Downloads\contoso.cer"

$trustedroot = Get-AzApplicationGatewayTrustedRootCertificate `
   -Name CustomCARoot `
   -ApplicationGateway $gw

## Get the listener, backend pool and probe

$listener = Get-AzApplicationGatewayHttpListener `
   -Name basichttps `
   -ApplicationGateway $gw

$bepool = Get-AzApplicationGatewayBackendAddressPool `
  -Name testbackendpool `
  -ApplicationGateway $gw

Add-AzApplicationGatewayProbeConfig `
  -ApplicationGateway $gw `
  -Name testprobe `
  -Protocol Https `
  -HostName "www.fabrikam.com" `
  -Path "/" `
  -Interval 15 `
  -Timeout 20 `
  -UnhealthyThreshold 3

$probe = Get-AzApplicationGatewayProbeConfig `
  -Name testprobe `
  -ApplicationGateway $gw

## Add the configuration to the HTTP Setting and don't forget to set the "hostname" field
## to the domain name of the server certificate as this will be set as the SNI header and
## will be used to verify the backend server's certificate. Note that TLS handshake will
## fail otherwise and might lead to backend servers being deemed as Unhealthy by the probes

Add-AzApplicationGatewayBackendHttpSettings `
  -ApplicationGateway $gw `
  -Name testbackend `
  -Port 443 `
  -Protocol Https `
  -Probe $probe `
  -TrustedRootCertificate $trustedroot `
  -CookieBasedAffinity Disabled `
  -RequestTimeout 20 `
  -HostName www.fabrikam.com

## Get the configuration and update the Application Gateway

$backendhttp = Get-AzApplicationGatewayBackendHttpSettings `
  -Name testbackend `
  -ApplicationGateway $gw

Add-AzApplicationGatewayRequestRoutingRule `
  -ApplicationGateway $gw `
  -Name testrule `
  -RuleType Basic `
  -BackendHttpSettings $backendhttp `
  -HttpListener $listener `
  -BackendAddressPool $bepool

Set-AzApplicationGateway -ApplicationGateway $gw