Thanks for reaching here! To enable client certificates from Azure Portal follow below steps:
- From the left navigation of your app's management page, select Configuration > General Settings.
- Set Client certificate mode to Require. Click Save at the top of the page.
You may set from Azure CLI also, run the following command in the Cloud Shell:
az webapp update --set clientCertEnabled=true --name <app-name> --resource-group <group-name>
Also In App Service, TLS termination of the request happens at the frontend load balancer.
When forwarding the request to your app code with client certificates enabled, App Service injects an
X-ARR-ClientCert request header with the client certificate.
App Service does not do anything with this client certificate other than forwarding it to your app. Your app code is responsible for validating the client certificate.
You may refer to this detailed document link: https://learn.microsoft.com/en-us/azure/app-service/app-service-web-configure-tls-mutual-auth#enable-client-certificates
For How to decode
X-ARR-ClientCert header using Python you may refer this discussion.
Let us know if further query or issue remains.