Let’s see how to secure an API using a client certificate in Azure API Management.
- Make sure you have an SSL certificate added on the custom domain
- "Negotiate client certificate" is checked
Now let’s generate a custom client certificate to be used on the client side, using Windows PowerShell.
```powershell
# Create a self-signed certificate in the local machine store (valid for 10 years)
New-SelfSignedCertificate -DnsName "azure365pro", "azure365pro" -CertStoreLocation "cert:\LocalMachine\My" -NotAfter (Get-Date).AddYears(10) -FriendlyName "CAazure365pro" -KeyUsageProperty All -KeyUsage CertSign, CRLSign, DigitalSignature

# Password that will protect the exported PFX
$mypwd = ConvertTo-SecureString -String "123" -Force -AsPlainText

# Export the certificate (with private key) to a PFX file, selecting it by thumbprint
Get-ChildItem -Path cert:\localMachine\my\4D589CA579F672252668920A54D52DEDB16A9688 | Export-PfxCertificate -FilePath "C:\Scripts\certs.pfx" -Password $mypwd
```
Now the certificate is ready.
Add certificates
You can use Key Vault; in this case we are uploading directly.
Now update the inbound policy as below to check the thumbprint directly, without uploading the certificate to API Management.
If you want to check against the uploaded client certificates list, use the policy below.
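An inbound policy covering both cases, as an added example (not the post's own policy): the active condition pins one thumbprint directly, and the commented alternative matches against the certificates uploaded to API Management. "PLACEHOLDER-THUMBPRINT" is a placeholder for the thumbprint of the client certificate generated above.

```xml
<policies>
  <inbound>
    <base />
    <!-- Client certificate check. The TLS handshake has already proven that the
         caller holds the private key, so matching the thumbprint is sufficient;
         requests with no certificate are rejected with 403 as well. -->
    <choose>
      <when condition="@(context.Request.Certificate == null
                        || context.Request.Certificate.Thumbprint != "PLACEHOLDER-THUMBPRINT")">
        <return-response>
          <set-status code="403" reason="Invalid client certificate" />
        </return-response>
      </when>
    </choose>
    <!-- Alternative condition when the certificate was uploaded under
         API Management > Certificates instead of being pinned here:
         context.Request.Certificate == null
           || !context.Deployment.Certificates.Any(c => c.Value.Thumbprint == context.Request.Certificate.Thumbprint)
         Add "|| !context.Request.Certificate.Verify()" only when the client
         certificate chains to a trusted CA; a self-signed one will not verify. -->
  </inbound>
  <backend>
    <base />
  </backend>
  <outbound>
    <base />
  </outbound>
  <on-error>
    <base />
  </on-error>
</policies>
```

Note that the check only runs when "Negotiate client certificate" is enabled on the custom domain; otherwise context.Request.Certificate is always null and every call is rejected.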
Now let’s call the API using the client certificate from Postman.
Add the certificate
If you call the API without a certificate
If you call the API with the client certificate
What will be the implications if Negotiate Client Certificate is disabled?