This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(25.6, 78%, 12%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ES%3C/text%3E%3C/svg%3E)
I'm facing below issue-
One or more fields contain incorrect values:
Error in element 'authentication-certificate' on line 18, column 10: Exactly one of a thumbprint or certificate-id or body must be specified.
I'm configuring correct Certificate-id in inbound policy but getting above error . I have tried with thumbprint and body also .
<inbound>
<base />
<authentication-certificate certificate-id="client-certificate-dev" />
</inbound>
Hi @ssstestpbix
Welcome to Microsoft Q&A! Thanks for posting the question.
When you are using authentication-certificate, Please make sure that the certificate needs to be installed into API Management first and is identified by its thumbprint or certificate ID (resource name).
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(278.4, 81%, 36%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ENP%3C/text%3E%3C/svg%3E)
I have same issue. certificate is installed into API Management's Certificate tab (from Key Vault). it still gives the error. Below is the error I receive:
One or more fields contain incorrect values:
Error in element 'authentication-certificate' on line 16, column 10: The Certificate with id 'testKVCert' and thumbprint 'XXXXXXXXXXXXXXXXXX' is configured with KeyVault secret 'https://kvtestldb.vault.azure.net/secrets/CERTtest' and cannot be referenced by thumbprint. Please reference it with certificate-id 'testKVCert' in the policy.
How can I fix this issue? Please help!
BTW, I followed exactly as mentioned in msft docs (https://learn.microsoft.com/en-us/azure/api-management/api-management-howto-mutual-certificates) and also created a poc environment for this issue. However, no luck.
@Nimesh Patel As per the error it looks like you are using have referred the certificate using thumbprint but in the case when you are using key vault you need identify it using the certificate ID. In your policy, you need to identify using certificate-id and not with thumbprint as mentioned in the caution section.
If the certificate references a certificate stored in Azure Key Vault, identify it using the certificate ID. When a key vault certificate is rotated, its thumbprint in API Management will change, and the policy will not resolve the new certificate if it is identified by thumbprint.
In case if you still observe the issue I will suggest you to post a new Q&A thread to assist you further.
@MayankBargali-MSFT I was using GUI to add the certificate into APIM certificates. Since your suggestion is to use it by manually updating the policy (code), let me try it and update here or open new question as you suggested.
Thank you