gaur-5993 asked ChaitanyaNaykodiMSFT-9638 answered

Can the Azure Front Door and App Gateway passthrough a client certificate so it can be recognised by APIM?

Can the Azure Front Door and App Gateway support a client certificate so it can be recognized by APIM? We want to require client certs to select APIs on APIM, but we want to ensure they are not stripped by Front Door or AGW, which both sit in front of APIM.

Can you please let us know the process and if additional settings need to be in place?

azure-application-gateway azure-front-door

@suvasara-MSFT can you please suggest?


1 Answer

ChaitanyaNaykodiMSFT-9638 answered

Hello @gaur-5993, Thank you for reaching out to us, and apologies for the delayed response here.

Passthrough of a client certificate is not supported by Azure Front Door and Application Gateway, as they both need to decrypt the traffic in order to apply the routing rules and rewrite rules set. Although end-to-end TLS is supported by both of them, for it as well the data is decrypted first and then encrypted again using the certificate uploaded at Azure FD/App Gateway. For more information, please go through the end-to-end TLS documentation for App Gateway and Azure Front Door.

Azure Application Gateway does have an MTLS feature in preview (currently not recommended for prod scenarios) where you can use server variables to pass information about the client certificate to the backend servers behind the Application Gateway. Since your application gateway is integrated with APIM, I am not sure how viable this solution will be in your scenario, as you will need to do some modifications in APIM to recognize the client certificate information. Currently, MTLS is not supported on Azure Front Door. Meanwhile, please feel free to upvote this feature request for SSL passthrough for Azure Front Door.

Hope this helps. Please let me know if you have any additional questions. Thank you!
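An added example, not part of the answer above and not Microsoft's code: a Python sketch of the check a backend has to perform when the gateway terminates TLS and forwards the client certificate as a header instead of passing the handshake through. The header name `X-Client-Cert`, the URL-encoded PEM format, the gateway address and the sample bytes are all assumptions made for illustration.

```python
import base64
import hashlib
from urllib.parse import quote, unquote

# Assumption: a gateway rewrite rule copies the client certificate (PEM,
# URL-encoded) into this hypothetical header; the name is not from the page.
CERT_HEADER = "X-Client-Cert"

# Constructed sample bytes standing in for a DER certificate (not a real cert).
SAMPLE_DER = b"constructed-sample-not-a-real-certificate"


def sample_header() -> str:
    """Build the header value the gateway is assumed to send for SAMPLE_DER."""
    body = base64.b64encode(SAMPLE_DER).decode()
    pem = f"-----BEGIN CERTIFICATE-----\n{body}\n-----END CERTIFICATE-----\n"
    return quote(pem)


def pem_to_der(pem: str) -> bytes:
    """Strip the PEM armor and decode the base64 body, rejecting bad input."""
    lines = [ln.strip() for ln in pem.strip().splitlines()]
    if (len(lines) < 3 or lines[0] != "-----BEGIN CERTIFICATE-----"
            or lines[-1] != "-----END CERTIFICATE-----"):
        raise ValueError("not a PEM certificate")
    return base64.b64decode("".join(lines[1:-1]), validate=True)


def thumbprint(der: bytes) -> str:
    """SHA-256 over the DER bytes, as lowercase hex."""
    return hashlib.sha256(der).hexdigest()


def authorize(headers, peer_ip, gateway_ips, allowed_thumbprints):
    """Return (ok, detail) for a request that reached the backend."""
    # TLS ended at the gateway, so the header is only evidence if the gateway
    # wrote it; a caller that reaches the backend directly can set it freely.
    if peer_ip not in gateway_ips:
        return False, "request did not arrive from the gateway"
    raw = headers.get(CERT_HEADER)
    if not raw:
        return False, "no client certificate forwarded"
    try:
        der = pem_to_der(unquote(raw))
    except ValueError:  # also covers binascii.Error from bad base64
        return False, "malformed certificate header"
    fp = thumbprint(der)
    if fp not in allowed_thumbprints:
        return False, "certificate not in allow-list"
    return True, fp
```

The check pins a thumbprint only; it relies on the gateway having validated the certificate chain during the TLS handshake, and on the gateway overwriting any copy of the header sent by the client.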

