I have a Java Spring Boot web application deployed on an Azure App Service (not embedded Tomcat, but using App Service Tomcat PaaS). This application needs to make a call to a REST API, that is secured by mandating mutual authentication, i.e. with a client certificate.

I have the PFX file, and I don't have access to the environment to add the certificate to the keystore, truststore, etc.

Is there any way to call the REST API in Java, with just the client certificate, which possibly is part of the web application resources (or retrieved from KeyVault)?

Web User

1 Answer


I have the PFX file, and I don't have access to the environment to add the certificate to the keystore, truststore, etc.

Per my understanding, for using SSL certificate in Azure App Service, you could try to follow the steps below:

1) Click "SETTINGS > SSL settings" of your web app, then click Upload Certificate for uploading your certs.

2) Add a setting named WEBSITE_LOAD_CERTIFICATES with the value equal to the thumbprint of your certificates which would be accessed by your application code. Also, you could just load the certificate as a file in your code. For details, you could follow Use an SSL certificate in your application code in Azure App Service.

Moreover, if the above approach could not meet your requirement, you may use Azure Key Vault as your cert store. For a simple way, you could add your certificates via Azure Portal, details you could follow here. For retrieving your certificate in your code, you could follow Authentication samples for Azure Key Vault using the Azure Java SDK for authenticating to your key vault and retrieve your certificate.

Bruce Chen
  • Thanks for the suggestions. I can either add the client certificate in SSL Settings, or access them from the Key Vault. My question was Java specific; following the links shows me how to load the certificate, which is still insightful information, but it is not telling me how to use that certificate to make an HTTP call. The examples I have encountered on this topic seem to rely on loading the certificate from the keystore, and that is what I am not able to translate for my use case, of getting from a file, or keyvault or from SSL Settings. – Web User Jun 30 '18 at 15:24
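An added example, not part of the answer or the comment above: one way to make the HTTPS call with only the PFX bytes, by loading them into an in-memory PKCS12 `KeyStore` and building an `SSLContext` from it with standard JDK classes. The resource name `/client.pfx`, the `PFX_PASSWORD` environment variable and the URL are placeholders assumed for illustration.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.InputStream;
import java.net.URL;
import java.security.KeyStore;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;

public class PfxMutualTlsClient {

    // Client identity comes only from the PFX bytes; nothing is added to the JVM or OS stores.
    static SSLContext contextFromPfx(byte[] pfx, char[] password) throws Exception {
        KeyStore store = KeyStore.getInstance("PKCS12");
        store.load(new ByteArrayInputStream(pfx), password);
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(store, password);
        SSLContext ctx = SSLContext.getInstance("TLS");
        // null trust managers = JVM default trust store, so the server certificate
        // and host name are still verified as usual.
        ctx.init(kmf.getKeyManagers(), null, null);
        return ctx;
    }

    static byte[] readAll(InputStream in) throws Exception {   // Java 8 compatible
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        byte[] buf = new byte[8192];
        for (int n; (n = in.read(buf)) != -1; ) out.write(buf, 0, n);
        return out.toByteArray();
    }

    public static void main(String[] args) throws Exception {
        // Assumptions: resource name, environment variable and URL are placeholders.
        char[] password = System.getenv("PFX_PASSWORD").toCharArray();
        byte[] pfx;
        try (InputStream in = PfxMutualTlsClient.class.getResourceAsStream("/client.pfx")) {
            if (in == null) throw new IllegalStateException("client.pfx not on classpath");
            pfx = readAll(in);
        }
        HttpsURLConnection conn =
            (HttpsURLConnection) new URL("https://api.example.com/resource").openConnection();
        conn.setSSLSocketFactory(contextFromPfx(pfx, password).getSocketFactory());
        conn.setConnectTimeout(10_000);
        conn.setReadTimeout(10_000);
        int status = conn.getResponseCode();   // TLS handshake with the client certificate happens here
        try (InputStream body = status < 400 ? conn.getInputStream() : conn.getErrorStream()) {
            System.out.println(status + " " + (body == null ? "" : new String(readAll(body), "UTF-8")));
        }
    }
}
```

Only the source of the `pfx` bytes changes if the file comes from somewhere other than the classpath; keep the PFX password in an app setting or secret store rather than in source.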