Configure path route path specific SSL profile in Azure Application Gateway

We have tried to rewrite the headers with a Custom Header name X-ARR-ClientCert with value in App gateway using route-path based rule and without SSL Profile configured as we do not have idea on impact it would be create in a case of attaching the SSL profile to listener

asked Jun 20, 2023 at 7:32 Sai Chaithanya Sai Chaithanya Better to post on Server Fault - it's off-topic here (not a programming question) Commented Jun 24, 2023 at 22:45

1 Answer 1

As per your scenario, we have a single listener to our APIM instance configured in Azure App Gateway. In a case of configuring the SSL Profile and attaching to the Listener.

  1. If you configure an SSL profile on the listener of Azure Application Gateway and enable client certificate authentication, it will ask for a client certificate for all incoming requests to that listener.

<a href=enter image description here" />

Application Gateway supports certificates issued from both public and privately established certificate authorities. Therefore, CA certificates must be uploaded. Ensure that the client certificate's immediate issuer is verified and only permits that issuer to be trusted by your application gateway.

By default, this option is disabled, but if you want to use the application Gateway to validate the client, you can enable it through the portal.

  1. Configuring SSL profiles and rewriting the Custom Headers X-ARR-ClientCert in Azure Application Gateway will not impact the APIs that do not require certificate-based authentication

<a href=enter image description here" />

  1. Without an SSL profile it's not possible to forward the certificates to Azure API Management you need SSL profile with the certificates and then associated it to a listener

<a href=enter image description here" />

To know more in detail, check these references.