Share via


Enable client certificate for Azure web site fails with 400 Bad Request

 

Problem:

Customer follows this blog to use armclient to enable client certificate for his web site.  Issuing the armclient PUT command results in the following error:

HTTP/1.1 400 BadRequest

Pragma: no-cache

Strict-Transport-Security: max-age=31536000; includeSubDomains

x-ms-ratelimit-remaining-subscription-writes: 1199

x-ms-request-id: befeee1f-ac33-4d84-8f04-0ff36d9aa698

x-ms-correlation-request-id: befeee1f-ac33-4d84-8f04-0ff36d9aa698

x-ms-routing-request-id: WESTUS2:20170312T180143Z:befeee1f-ac33-4d84-8f04-0ff36d9aa698

Cache-Control: no-cache

Date: Sun, 12 Mar 2017 18:01:42 GMT

ETag: "1D29B57E7FD6890"

Server: Microsoft-IIS/8.0

X-AspNet-Version: 4.0.30319

X-Powered-By: ASP.NET

{

  "Code": "BadRequest",

  "Message": "Cannot enable client certificate for a site 'MyWebSite' because current site mode does not allow it.",

  "Target": null,

  "Details": [

    {

      "Message": "Cannot enable client certificate for a site 'MyWebSite' because current site mode does not allow it."

    },

    {

      "Code": "BadRequest"

    },

    {

      "ErrorEntity": {

        "Code": "BadRequest",

        "Message": "Cannot enable client certificate for a site 'MyWebSite' because current site mode does not allow it.",

        "ExtendedCode": "04104",

        "MessageTemplate": "Cannot enable client certificate for a site '{0}' because current site mode does not allow it.",

        "Parameters": [

          "MyWebSite"

        ],

        "InnerErrors": null

      }

    }

  ],

  "Innererror": null

}

Resolution:

The above error can happen if the Azure web site is running in either Free or Shared pricing tier, which do not have support for client certificate.  Customer needs to scale up to a dedicated app service plan.

Reference:

Using Certificates in Azure Websites Applications