Enable client certificate for Azure web site fails with 400 Bad Request
Problem:
Customer follows this blog to use armclient to enable client certificate for his web site. Issuing the armclient PUT command results in the following error:
HTTP/1.1 400 BadRequest
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
x-ms-ratelimit-remaining-subscription-writes: 1199
x-ms-request-id: befeee1f-ac33-4d84-8f04-0ff36d9aa698
x-ms-correlation-request-id: befeee1f-ac33-4d84-8f04-0ff36d9aa698
x-ms-routing-request-id: WESTUS2:20170312T180143Z:befeee1f-ac33-4d84-8f04-0ff36d9aa698
Cache-Control: no-cache
Date: Sun, 12 Mar 2017 18:01:42 GMT
ETag: "1D29B57E7FD6890"
Server: Microsoft-IIS/8.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
{
"Code": "BadRequest",
"Message": "Cannot enable client certificate for a site 'MyWebSite' because current site mode does not allow it.",
"Target": null,
"Details": [
{
"Message": "Cannot enable client certificate for a site 'MyWebSite' because current site mode does not allow it."
},
{
"Code": "BadRequest"
},
{
"ErrorEntity": {
"Code": "BadRequest",
"Message": "Cannot enable client certificate for a site 'MyWebSite' because current site mode does not allow it.",
"ExtendedCode": "04104",
"MessageTemplate": "Cannot enable client certificate for a site '{0}' because current site mode does not allow it.",
"Parameters": [
"MyWebSite"
],
"InnerErrors": null
}
}
],
"Innererror": null
}
Resolution:
The above error can happen if the Azure web site is running in either Free or Shared pricing tier, which do not have support for client certificate. Customer needs to scale up to a dedicated app service plan.
Reference: