"502 Bad Gateway" error when I set "Client certificate mode" to "Require"

Mohsen Akhavan 791 Reputation points
2022-09-02T21:23:27.62+00:00

I have a Web App and an Application Gateway. I configure the backend and listener.
In Web App, I have to set "Client certificate mode" to "Require" in the general setting.

237406-image.png

When I set this configuration I can not open the web app and I receive this error:

237407-image.png

In the Health Probe, I received "UnHealthy" and the below error:

Received invalid status code: 403 in the backend server’s HTTP response. As per the health probe configuration, 200-399 is the acceptable status code. Either modify probe configuration or resolve backend issues.  

But, when I change the configuration to the "Allow" or other items, the web app and Application Gateway work well.

237367-image.png

What is the problem?

Azure Application Gateway
Azure Application Gateway
An Azure service that provides a platform-managed, scalable, and highly available application delivery controller as a service.
1,087 questions
Azure Web Application Firewall
Azure App Service
Azure App Service
Azure App Service is a service used to create and deploy scalable, mission-critical web apps.
7,997 questions
0 comments No comments
{count} votes

Accepted answer
  1. Cristian SPIRIDON 4,481 Reputation points
    2022-09-03T15:37:33.753+00:00

    Hi,

    If you want to enable client certificate in App Gateway scenarios you should exclude the probe url from this:

    https://learn.microsoft.com/en-us/azure/app-service/app-service-web-configure-tls-mutual-auth#exclude-paths-from-requiring-authentication

    The probe url should be a public url used only for sanity checking and you are safe to exclude this. You can exclude also any other public urls.

    Hope this helps!

    0 comments No comments

0 additional answers

Sort by: Most helpful

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.