client certificate validation on APIM

ujjwalDev 46 Reputation points
2021-06-18T18:35:22.717+00:00

Hi,

I want to implement client certificate validation in Azure API Management policy to check if the client has a valid certificate.

https://learn.microsoft.com/en-us/azure/api-management/api-management-howto-mutual-certificates-for-clients

I have Application gateway in front of API Management service deployed in internal.

https://stackoverflow.com/questions/57372611/client-certificate-is-not-being-passed-on-by-azure-application-gateway

I see that the the certificate does not come through to APIM Gateway.

Is this the only possible option to fix this issue. This feature seems to be in a preview now. Any timelines on the release for this feature on v1 application gateways.
https://learn.microsoft.com/en-us/azure/application-gateway/mutual-authentication-overview

Azure API Management
Azure API Management
An Azure service that provides a hybrid, multi-cloud management platform for APIs.
1,698 questions
Azure Application Gateway
Azure Application Gateway
An Azure service that provides a platform-managed, scalable, and highly available application delivery controller as a service.
937 questions
0 comments No comments
{count} votes

1 answer

Sort by: Most helpful
  1. SaiKishor-MSFT 17,156 Reputation points
    2021-06-28T22:52:42.267+00:00

    @ujjwalDev Firstly we apologize for the delay in response to this question.

    We do not have plans to implement Mutual Auth for v1 Application Gateway at the moment. Upgrading to v2 seems like the only option to enable client certificate validation at the moment. Hope this helps. Please let us know if you have any further questions/concerns. Thank you!