0
votes

For testing purposes I would like to enable the 'Incoming Client Certificates' option in my Azure App Service (running a WCF webservice), and see if my Client application can still connect to the webservice. Since I am still in a testing phase, my app service still has the .azurewebsites.net domain name.

However, I can't seem to figure out how to get a proper client certificate that the server will accept (without switching to a custom domain name, which I know will work).

Currently, I see 2 possible routes to a solution:

  1. Somehow get my hands on a .cer that is signed by a CA trusted by the App Service server.
  2. Generate a self-signed .pfx and .cer with my own self-signed CA. Import the pfx on the App Service and install the .cer on the client.

Both directions have not yielded any success so far. Does anyone have any experience with this?

1
Not sure I am understanding you well. If you want to use client cert authentication with Azure app, you can refer to How To Configure TLS Mutual Authentication for Web App. The client cert is used for validating the client, you might use a self-signed cert. I just found this sample: Azure Web App Client Certificate Authentication with ASP.NET Core. - Nancy Xiong
@NancyXiong: Well, the answer was in your first link: "The client certificate that is sent to the application does not go through any validation by the Azure Web Apps platform. Validating this certificate is the responsibility of the web app." So this means that any certificate will be valid as long as I don't validate anything... Thank you. - Edwin de Koning

1 Answer

2
votes

Per my understanding, the client certificate is used by client systems to make authenticated requests to a remote server. In this case, your webservice is the remote server in a C/S mode. As you point out, "validating this certificate is the responsibility of the web app. So this means that any certificate will be valid as long as you don't validate anything". It is not affected by whether you have a custom domain or not in your web app service.

If you want to use client cert authentication with Azure app, you can refer to How To Configure TLS Mutual Authentication for Web App.
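
An added example, not part of the original posts or the linked documentation: because the platform passes the client certificate through unvalidated, the service has to decide which certificates it accepts. This C# class pins a self-signed client certificate by SHA-256 fingerprint and checks its validity window; the class name, the allow-list and its placeholder fingerprint are assumptions, and it assumes the certificate is read from the base64 `X-ARR-ClientCert` request header that App Service sets.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

// Added example (hypothetical class): application-side validation of the
// client certificate that App Service forwards without checking it.
public static class ClientCertValidator
{
    // Assumption: SHA-256 fingerprints (hex) of the client certificates you issued.
    // The entry below is a placeholder, not a real fingerprint.
    private static readonly HashSet<string> AllowedFingerprints =
        new HashSet<string>(StringComparer.OrdinalIgnoreCase)
        {
            "<SHA256-FINGERPRINT-OF-YOUR-CLIENT-CERT>"
        };

    // headerValue: content of the X-ARR-ClientCert header (base64-encoded DER).
    public static bool IsAcceptable(string headerValue, DateTime utcNow, out string reason)
    {
        if (string.IsNullOrWhiteSpace(headerValue))
        { reason = "no client certificate presented"; return false; }

        X509Certificate2 cert;
        try { cert = new X509Certificate2(Convert.FromBase64String(headerValue)); }
        catch (FormatException) { reason = "header is not valid base64"; return false; }
        catch (CryptographicException) { reason = "not an X.509 certificate"; return false; }

        using (cert)
        {
            // NotBefore/NotAfter are returned in local time; compare in UTC.
            if (utcNow < cert.NotBefore.ToUniversalTime() ||
                utcNow > cert.NotAfter.ToUniversalTime())
            { reason = "certificate outside its validity period"; return false; }

            // Fingerprint over the full DER encoding, so any change to the cert changes it.
            string fingerprint;
            using (var sha = SHA256.Create())
                fingerprint = BitConverter.ToString(sha.ComputeHash(cert.RawData)).Replace("-", "");

            if (!AllowedFingerprints.Contains(fingerprint))
            { reason = "fingerprint not in allow-list: " + fingerprint; return false; }
        }
        reason = "ok";
        return true;
    }
}
```

Reject the request (for example with HTTP 403) whenever `IsAcceptable` returns false, and log `reason` so rejected certificates can be investigated.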