Two-Way SSL Authentication with Azure Application Gateway

Question

Is it possible to configure two-way SSL authentication with certificates with Azure Application gateway? I have one way SSL working with a public IP but I'd like to restrict who can access this gateway via mutual authentication via certificates.

Answer 1

Ran into the same issue. The way I worked around was to add another app which sent a 302 redirect to the server that accepted the certificate. Since all of the clients connecting to the website interpret the 302 it worked out nicely. Could see why this isnt the best solution but it was cheap and got me unblocked!

I was migrating an application off of Service fabric to web apps. Along the way we learned web apps could not negotiate ssl certs. It was either on or off which meant we need to run 2 apps and use application gateway to keep them on a single domain. We then learned app gateway didnt support passing a client certificate. Luckily for us the client traffic using our website doesnt care it is being redirected. Since most clients interpret a 302 I think this would work for most situations. I created a new web app which only redirected traffic, requests time is about 20 ms end to end. Its a hit but it could be worse :/.

Hope this helps.

Answer 2

Is it possible to configure two-way SSL authentication with certificates with Azure Application gateway?

For now, it is not possible to allow Mutual SSL Authentication with Azure Application gateway. You can voice your vote for this feature. Mutual SSL authorization is in MS roadmap.