Azure API Management
An Azure service that provides a hybrid, multi-cloud management platform for APIs.
2,193 questions
Client Certificate Authentication in Premium Tier API Management
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(278.4, 6%, 36%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EGO%3C/text%3E%3C/svg%3E)
Gerald Ortiz Candela
40
Reputation points
Current Situation
Developer Tier API Management:
- Communicates with an Ingress within an AKS configured with a private IP.
- HTTPS is enabled with a domain using self-signed certificates.
- Configured as mutual TLS.
- To allow API Management to communicate, the "Negotiate client certificate" option is activated when configuring custom domains.
- The client certificate is uploaded in the "client certificate" option.
- HTTPS is enabled with a domain using self-signed certificates.
- Switch to Premium Tier API Management:
- The goal is to use a workspace in a Premium Tier API Management.
- The "Negotiate client certificate" option is not available.
- When the client certificate is uploaded in the workspace, the API in that workspace cannot communicate with the Ingress.
Is it possible to achieve this configuration working with a workspace? Or what alternative can be used considering that the Ingress must have a private IP and a domain using self-signed certificates? The mutual TLS can be changed to SIMPLE if it is feasible to upload the server certificate in the workspace as allowed in the Developer tier.
Sign in to answer