0 Votes
FerencSzab-4432 asked

API Management forwarded client certificate validation

Is it possible to validate client certificates coming in an HTTP header forwarded from a proxy? The same as in https://docs.microsoft.com/en-us/azure/app-service/app-service-web-configure-tls-mutual-auth#access-client-certificate or https://www.ietf.org/archive/id/draft-bdc-something-something-certificate-01.html
Now we check it with (context.Request.Certificate==null || !context.Request.Certificate.VerifyNoRevocation()). The question is whether we can set the context.Request.Certificate from the header.

azure-api-management

1 Answer

1 Vote
PramodValavala-MSFT answered

@FerencSzab-4432 Since it's available in the header, you could just import the certificate as an object and then call VerifyNoRevocation() on it to validate it.

Then you can use the authentication-certificate policy to set the certificate in the request to the backend.
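
One way to write the header-based check described in this answer as an inbound policy (an added example, not part of the original answer or of Microsoft's documentation). It assumes the proxy forwards the base64-encoded certificate in the X-ARR-ClientCert header, as App Service does, and the thumbprint is a constructed placeholder.

```xml
<inbound>
    <base />
    <choose>
        <!-- The condition returns true when the request must be rejected. -->
        <when condition="@{
            // Assumption: header name follows the App Service convention.
            var header = context.Request.Headers.GetValueOrDefault("X-ARR-ClientCert", "");
            if (string.IsNullOrEmpty(header)) { return true; }
            try
            {
                // Import the forwarded certificate as an object.
                var cert = new System.Security.Cryptography.X509Certificates.X509Certificate2(
                    Convert.FromBase64String(header));
                // Constructed placeholder: replace with the expected thumbprint (upper case).
                var allowed = "0000000000000000000000000000000000000000";
                // Chain validation without a revocation check, then a pin on the thumbprint.
                return !cert.VerifyNoRevocation() || cert.Thumbprint != allowed;
            }
            catch (Exception)
            {
                // Malformed base64 or an unparsable certificate: fail closed.
                return true;
            }
        }">
            <return-response>
                <set-status code="403" reason="Invalid client certificate" />
            </return-response>
        </when>
    </choose>
</inbound>
```

A certificate read from a header proves nothing by itself, because any caller that can reach the gateway directly can send the same header. This check is only meaningful when API Management accepts traffic solely from the proxy and the proxy overwrites any client-supplied copy of the header.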
