question

BhatGurudatth-0787 asked ajkuma-MSFT commented

SSL pinning at Azure web API which is used for B2B connection

I have one B2B Web API application which is deploying in azure cloud. For example, {"A"-"B"-"C"}: here A, B and C are all different web APIs. I am working on API "B". All APIs support secured communication. I want to know: is there any benefit or advantage if I implement SSL pinning at API "B"? I don't have any control over API "A" or "C". "A" is a cloud service deployed in AWS and "B" is an Azure service deployed in the Azure cloud.
I wanted to know:
- If I implement SSL pinning at "B", is there any problem it is solving?
- Is there any problem if I implement SSL pinning at layer "B" alone, without actually implementing it at layer "C"?
- What are the drawbacks of using SSL pinning specific to the API?

dotnet-aspnet-core-webapi azure-webapps-ssl-certificates azure-webapps-security

BhatGurudatth-0787, thanks for the great question. While I check on this internally and get back to you: when you say, "I have one B2B Web API application which is deploying in azure cloud", could you please let us know if you have provisioned the Web API via Azure App Service WebApp (or plan to deploy to it) or any other Azure solution for hosting the Web API? Since you have posted the question under the 'azure-webapps' tag, I presume you are leveraging Azure WebApps (PaaS) for your setup.

0 Votes 0 ·

Yes. I am deploying the web API as "Azure App Service" (with a Docker container).

0 Votes 0 ·

BhatGurudatth-0787, thanks for the confirmation. Certificate pinning will add one more layer of security. If you implement it at B (as C is using B), then C needs to pass that certificate to validate the request of B.

With this implementation, I think one extra phase would be certificate renewal (at B): nearing expiration, C then needs to pass the new certificate to B. You could also automate this process for a seamless operation.


Hope this helps. If you still have any further questions, I'll reach out to you privately.

0 Votes 0 ·

0 Answers
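
For the pinning and renewal points raised in this thread, an added example (not code from the thread or from Microsoft) of public-key pinning on an outbound `HttpClient` in ASP.NET Core. It assumes API "B" is the HTTPS client calling an upstream API and targets .NET 6 or later; the class name `PinnedHttp` and both pin values are hypothetical placeholders.

```csharp
using System;
using System.Collections.Generic;
using System.Net.Http;
using System.Net.Security;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

public static class PinnedHttp
{
    // Placeholder pins (constructed): base64(SHA-256(SubjectPublicKeyInfo)).
    // Holding the current key's pin plus a backup pin for the next key lets the
    // remote side rotate its certificate without breaking this client.
    private static readonly HashSet<string> AllowedSpkiPins = new(StringComparer.Ordinal)
    {
        "REPLACE_WITH_CURRENT_SPKI_SHA256_BASE64",
        "REPLACE_WITH_BACKUP_SPKI_SHA256_BASE64",
    };

    // Pin the public key rather than the whole certificate: a renewal that
    // reuses the same key pair keeps the same pin.
    public static string SpkiPin(X509Certificate2 cert) =>
        Convert.ToBase64String(SHA256.HashData(cert.PublicKey.ExportSubjectPublicKeyInfo()));

    public static bool Validate(HttpRequestMessage request, X509Certificate2? cert,
                                X509Chain? chain, SslPolicyErrors errors)
    {
        // Pinning is an additional check. Standard chain and hostname
        // validation must already have succeeded.
        if (errors != SslPolicyErrors.None || cert is null)
            return false;

        // Fail closed when the leaf key matches none of the allowed pins.
        return AllowedSpkiPins.Contains(SpkiPin(cert));
    }

    public static HttpClient Create(Uri baseAddress)
    {
        var handler = new HttpClientHandler
        {
            ServerCertificateCustomValidationCallback = Validate
        };
        return new HttpClient(handler) { BaseAddress = baseAddress };
    }
}
```

If the upstream operator rotates to a key that is in neither pin, every call fails until the pin set is redeployed, so the pins are best loaded from configuration that can be updated without a rebuild.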