Is there any way to disable SSL certification in Azure APIM?
I am sharing a sample code snippet for an APIM policy that fails due to certificate validation. Is there an option to disable SSL validation, similar to how Postman allows enabling or disabling it?
Azure API Management
-
Sina Salam 12,816 Reputation points
2024-11-15T20:46:07.3966667+00:00
Hello Akhila,
Welcome to the Microsoft Q&A and thank you for posting your questions here.
I understand that you would like to know if there is any way to disable SSL certification in azure APIM.
In Azure API Management (APIM), there isn’t a direct option to disable SSL validation within the policy definitions, unlike Postman where you can easily toggle SSL validation on or off. However, you can handle certificate validation issues by using a different approach, such as configuring your backend service to trust the certificate or using a self-signed certificate that is trusted by your APIM instance.
Though this is a general approach to handling SSL certificate validation issues, it will solve your challenges:
- Check that the certificate used by your backend service is trusted by the APIM instance. You can upload the certificate to the APIM instance so that it trusts the backend service’s certificate.
- If you are using a self-signed certificate, make sure it is added to the trusted root certificate authorities in your APIM instance.
- If you are using a custom domain, ensure that the custom domain’s certificate is correctly configured and trusted by the APIM instance.
Unfortunately, there is no built-in policy to disable SSL validation directly in APIM. If you need to bypass SSL validation for testing purposes, consider using a different environment or tool where you can control SSL settings more granularly. So, this is an example of how you might configure a policy to handle a request, but note that SSL validation cannot be disabled directly:
<send-request mode="new" response-variable-name="test" timeout="100" ignore-error="true">
    <set-url>https://{{ServiceUrl}}</set-url>
    <set-method>POST</set-method>
    <set-header name="Authorization" exists-action="override">
        <value>Basic {{Token}}</value>
    </set-header>
    <set-header name="Content-Type" exists-action="override">
        <value>application/json</value>
    </set-header>
    <set-body template="liquid"> </set-body>
</send-request>
I hope this is helpful! Do not hesitate to let me know if you have any other questions.
Please don't forget to close up the thread here by upvoting and accepting it as an answer if it is helpful.
-
Akhila 0 Reputation points
2024-11-17T17:19:23+00:00
Thanks for your response.
Could you please explain how I can bypass this for testing? Do you have any documentation available? To clarify, it seems that I cannot disable SSL in Azure. The only way forward is to add certificates in Azure, correct?
-
Sina Salam 12,816 Reputation points
2024-11-17T17:42:02.3266667+00:00
Hello Akhila,
Thank you for your feedback.
You're correct that Azure API Management (APIM) does not provide a direct option to disable SSL validation within policy definitions. However, there are ways to handle SSL certificate validation issues for testing purposes:
- You can use self-signed certificates for testing. Ensure that these certificates are added to the trusted root certificate authorities in your APIM instance. This way, APIM will trust the certificates used by your backend service.
- Ensure that the certificate used by your backend service is trusted by the APIM instance. You can upload the certificate to the APIM instance so that it trusts the backend service’s certificate.
- For testing purposes, you might consider using different environments or tools where you can control SSL settings more granularly. Tools like Postman allow you to disable SSL validation easily.
While you cannot disable SSL validation directly, you can configure a policy to handle requests. This is an example of a policy configuration to handle a request:
<inbound>
    <base />
    <set-backend-service base-url="https://{{ServiceUrl}}" />
    <authentication-basic username="{{Username}}" password="{{Password}}" />
    <set-header name="Content-Type" exists-action="override">
        <value>application/json</value>
    </set-header>
</inbound>
For more detailed guidance, you can refer to the following resources:
- Secure APIs using client certificate authentication in API Management
- Manage protocols and ciphers in Azure API Management
These resources provide comprehensive information on managing certificates and configuring security settings in APIM.
Cheers.
-
JananiRamesh-MSFT 28,326 Reputation points
2024-11-19T06:54:42.17+00:00
@Akhila Thanks for reaching out. From the description, I understand that you would need to disable SSL validation for the incoming request in APIM. Could you please let me know if you have any validate-client-certificate policy where you can remove it, or in the policy you can set the attribute validate-trust to false as per Azure API Management policy reference - validate-client-certificate | Microsoft Learn.
Please modify accordingly and let me know in case of further queries. I would be happy to assist you.
-
JananiRamesh-MSFT 28,326 Reputation points
2024-11-20T10:05:41.05+00:00
@Akhila Just a follow up on my previous comment and see if you have any questions. I would be happy to answer your questions. Thanks.
-
Akhila 0 Reputation points
2024-11-21T03:44:18.3566667+00:00
Thanks for your response. I am not setting validate-client-certificate to false. Instead, I have a policy, and in the outbound section, I want to forward data from APIM to a different endpoint. The endpoint may or may not have a certificate.
-
Akhila 0 Reputation points
2024-11-21T07:52:47.9233333+00:00
My Azure APIM is not loading properly; it shows "loading" for a long time.
-
JananiRamesh-MSFT 28,326 Reputation points
2024-11-21T08:46:33.2866667+00:00
@Akhila Thanks for getting back. I understand that you wanted to forward data from APIM to a different endpoint, but the endpoint may or may not have a certificate. So, you need to disable the certificate validation in APIM; please correct me if I am wrong here.
If yes, this can be done by creating a Backend entity object within APIM. You can add your backend URL and disable validate certificate chain and validate certificate name as shown below: https://learn.microsoft.com/en-us/azure/api-management/backends?tabs=bicep
Do let me know in case of further queries. I would be happy to assist you.
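Added example, not part of the original thread or of Microsoft's documentation: a small audit that scans an exported ARM template for APIM Backend entities whose `tls` block turns off certificate chain or name validation, so that a test-only setting is noticed before the template is reused elsewhere. The resource names and URLs in the sample are constructed placeholders.

```python
import json

BACKEND_TYPE = "Microsoft.ApiManagement/service/backends"
TLS_CHECKS = ("validateCertificateChain", "validateCertificateName")

# Constructed sample: three backend resources in the shape of an exported
# ARM template. Service name, backend names and URLs are placeholders.
SAMPLE_TEMPLATE = json.loads("""
{
  "resources": [
    {"type": "Microsoft.ApiManagement/service/backends",
     "name": "apim-example/test-backend",
     "properties": {"url": "https://test.example.internal", "protocol": "http",
                    "tls": {"validateCertificateChain": false,
                            "validateCertificateName": false}}},
    {"type": "Microsoft.ApiManagement/service/backends",
     "name": "apim-example/prod-backend",
     "properties": {"url": "https://api.example.com", "protocol": "http"}},
    {"type": "Microsoft.ApiManagement/service/backends",
     "name": "apim-example/partner-backend",
     "properties": {"url": "https://partner.example.net", "protocol": "http",
                    "tls": {"validateCertificateChain": true,
                            "validateCertificateName": false}}}
  ]
}
""")


def find_unvalidated_backends(template):
    """Return (name, url, disabled_checks) for backends that skip TLS validation."""
    findings = []
    for res in template.get("resources", []):
        if res.get("type", "").lower() != BACKEND_TYPE.lower():
            continue
        props = res.get("properties", {})
        tls = props.get("tls") or {}
        # A missing key is treated as enabled, the documented default.
        disabled = [k for k in TLS_CHECKS if tls.get(k, True) is False]
        if disabled:
            findings.append((res.get("name"), props.get("url"), disabled))
    return findings


if __name__ == "__main__":
    for name, url, disabled in find_unvalidated_backends(SAMPLE_TEMPLATE):
        print(f"{name} -> {url}: disabled {', '.join(disabled)}")
```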