Share via

Client Certificate Authentication in Premium Tier API Management

Gerald Ortiz Candela 40 Reputation points
Nov 21, 2024, 5:19 PM

Current Situation

Developer Tier API Management:

  • Communicates with an Ingress within an AKS configured with a private IP.
    • HTTPS is enabled with a domain using self-signed certificates.
      • Configured as mutual TLS.
      • To allow API Management to communicate, the "Negotiate client certificate" option is activated when configuring custom domains.
      • The client certificate is uploaded in the "client certificate" option.
  1. Switch to Premium Tier API Management:
  • The goal is to use a workspace in a Premium Tier API Management.
  • The "Negotiate client certificate" option is not available.
  • When the client certificate is uploaded in the workspace, the API in that workspace cannot communicate with the Ingress.

Is it possible to achieve this configuration working with a workspace? Or what alternative can be used considering that the Ingress must have a private IP and a domain using self-signed certificates? The mutual TLS can be changed to SIMPLE if it is feasible to upload the server certificate in the workspace as allowed in the Developer tier.

Azure API Management
Azure API Management
An Azure service that provides a hybrid, multi-cloud management platform for APIs.
2,194 questions
0 comments No comments
{count} votes

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.