Reputation: 81
So I am following this link: https://learn.microsoft.com/en-gb/azure/api-management/api-management-howto-mutual-certificates-for-clients. And I added two policies:
1) Checking the thumbprint (for incoming requests containing certificates)
<choose>
    <when condition="@(context.Request.Certificate == null || !context.Request.Certificate.Verify() || context.Request.Certificate.Thumbprint != "DESIRED-THUMBPRINT-IN-UPPER-CASE")" >
        <return-response>
            <set-status code="403" reason="Invalid client certificate" />
        </return-response>
    </when>
</choose>
2) Checking a thumbprint against certificates uploaded to API Management (I uploaded a self-signed certificate in the 'certificates' section in APIM)
<choose>
    <when condition="@(context.Request.Certificate == null || !context.Request.Certificate.Verify() || !context.Deployment.Certificates.Any(c => c.Value.Thumbprint == context.Request.Certificate.Thumbprint))" >
        <return-response>
            <set-status code="403" reason="Invalid client certificate" />
        </return-response>
    </when>
</choose>
Now, when I try to send a GET request from APIM in Azure, I am facing an error saying "403 invalid client certificate". In Postman, I added the certificates too, but I am getting the same error when sending a GET request.
I made the self-signed certificate using openssl and converted it into .key, .crt and .pfx. I read other related threads too, but I didn't find any solution to this issue. I don't know if I am doing this wrong or if I am missing something. Please help me out with this. Thank you.
Upvotes: 1
Views: 2163
Reputation: 21
From the documentation link you posted:
Your certificate is self-signed so it's not trusted. Try adding it to the CA certificates section in APIM as well.
Upvotes: 1
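The two checks in the policies above can be reproduced locally before uploading anything. This is an added example, not code from the posts or from the Microsoft documentation. It assumes OpenSSL 1.1.0 or later, uses constructed file names and a constructed subject, and uses `openssl verify` as a stand-in for the chain validation that `context.Request.Certificate.Verify()` performs.

```shell
#!/bin/sh
# Added example: reproduce the thumbprint and trust checks from the policies.
# The working directory, file names and CN are constructed sample values.
set -u
WORK="$(mktemp -d)"

# Self-signed client certificate, as described in the question.
make_self_signed() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
    -subj "/CN=apim-client-test" \
    -keyout "$WORK/client.key" -out "$WORK/client.crt" 2>/dev/null
}

# SHA-1 thumbprint in the form the policy compares against:
# 40 upper-case hex characters, no colons.
thumbprint() {
  openssl x509 -in "$1" -noout -fingerprint -sha1 \
    | sed 's/^.*=//' | tr -d ':' | tr 'a-f' 'A-F'
}

# Chain validation against an explicit trust store only.
# $1 = certificate to check, $2 = optional PEM file of trusted roots.
chain_ok() {
  if [ -n "${2:-}" ]; then
    openssl verify -no-CApath -CAfile "$2" "$1" >/dev/null 2>&1
  else
    openssl verify -no-CAfile -no-CApath "$1" >/dev/null 2>&1
  fi
}

make_self_signed
echo "thumbprint for the policy: $(thumbprint "$WORK/client.crt")"

# No trusted root: validation fails, so the policy's Verify() branch returns 403.
chain_ok "$WORK/client.crt" && echo "untrusted store: OK" || echo "untrusted store: rejected"

# Certificate present as a trusted root (the "CA certificates" step): validation passes.
chain_ok "$WORK/client.crt" "$WORK/client.crt" && echo "trusted store: OK" || echo "trusted store: rejected"
```

If the thumbprint matches and only the first validation is rejected, the 403 comes from the trust check rather than from the thumbprint comparison.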