Azure API Management
An Azure service that provides a hybrid, multi-cloud management platform for APIs.
1,752 questions
X.509 certificate in Azure APIM and azure Device Provisioning service
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(265.6, 26%, 35%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ENV%3C/text%3E%3C/svg%3E)
NavinKumar VIRARAGAVAN
20
Reputation points
I am trying to use same X.509 device certificate for authenticating IOT DPS and API management. Problem is DPS docs mentioning - registation_id of the device must match the subject common name in the device certificate, So we need to put unique ID in each device certificate then DPS provisioning works well.
But if we try to use same certificate in APIM , It is not working. APIM expecting common name has to be same for root, intermediate and client certificates. (I am using our domain name as common name).
Please let me know how I can modify APIM policy to use same client certificate on both APIM and DPS.
context.Request.Certificate == null || !context.Request.Certificate.Verify()
{count} votes
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(115.19999999999999, 10%, 21%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMM%3C/text%3E%3C/svg%3E)
MuthuKumaranMurugaachari-MSFT 22,141 Reputation points2023-05-02T21:29:00.9733333+00:00 NavinKumar VIRARAGAVAN Thanks for posting your question in Microsoft Q&A. Based on doc: End-entity "leaf" certificate, leaf certificate should have registration id as subject common name, Correct? I assume you have only uploaded root and intermediate certificates in APIM (not client certificates).
If the certificate presented from the client does not match hostname i.e., the custom domain name of APIM, then you will likely face the error. Can you elaborate with sample domain names of all certificates (root, intermediate, client as well as APIM domain)? That would help confirm.
Sign in to comment