Azure Application Gateway
An Azure service that provides a platform-managed, scalable, and highly available application delivery controller as a service.
1,122 questions
OCSP stapling of SSL certificate at Azure Application Gateway
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(265.6, 26%, 35%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESK%3C/text%3E%3C/svg%3E)
SHUBHAM KUMAR
0
Reputation points
I have an AKS setup and using Application Gateway for traffic management. TLS termination is being done at application gateway only.
My security team says we need to do OCSP stapling for privacy purposes and to mitigate CR bypass issue. I have checked entire configuration of application gateway but I am unable to find any option to activate OCSP. Please note that my setup does not use mTLS and doing OCSP is straightforward in webservers like NGINX and APACHE.
Any insights or help is most welcome.
{count} votes
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(108.80000000000001, 17%, 20%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ERV%3C/text%3E%3C/svg%3E)
Rohith Vinnakota 2,330 Reputation points Microsoft Vendor2025-01-30T12:16:37.5366667+00:00 Hi @SHUBHAM KUMAR,
Welcome to Microsoft Q&A Platform. Thank you for reaching out & hope you are doing well.
I understand that you would like to enable OCSP stapling in the Azure Application Gateway. This can be accomplished using PowerShell.
$AppGw = Get-AzApplicationGateway -Name “ApplicationGateway01” -ResourceGroupName “ResourceGroup01” $profile = Get-AzApplicationGatewaySslProfile -Name “SslProfile01” -ApplicationGateway $AppGw Set-AzApplicationGatewayClientAuthConfiguration -SslProfile $profile -VerifyClientCertIssuerDN -VerifyClientRevocation OCSPRefer this for more details: https://azure.microsoft.com/en-us/blog/exploring-mtls-setup-to-send-a-client-certificate-to-the-backend-and-ocsp-validation/?msockid=02a972d2333368e5206f678a329e6943
Kindly let us know if the above helps or you need further assistance on this issue.
-
SHUBHAM KUMAR 0 Reputation points
2025-01-30T15:51:26.83+00:00 Thank you for your prompt response.
The powershell commands you have shared requires a specific ssl profile. I am not using any ssl profile as of now. My ssl certificates are attached directly to listener and there only I am using a predefined ssl profile for managing ciphers.
Screenshot:
Any other suggestions!!!
-
Rohith Vinnakota 2,330 Reputation points Microsoft Vendor
2025-02-05T01:05:19.0266667+00:00 Hi @SHUBHAM KUMAR,
Greetings!
We are reaching out to the internal team to get more information related to your query and will get back to you as soon as we have an update.
Sign in to comment
Sign in to answer