Azure App Service Web app client certificate is disabled

Description

Client certificates allow the Web App to require a certificate for incoming requests. Only clients that have a valid certificate will be able to reach the app.

TLS mutual authentication, as used in enterprise environments, lets the server verify the authenticity of its clients. If incoming client certificates are enabled, only an authenticated client with a valid certificate can access the app.

Fix - Runtime

Azure Portal

To change the policy using the Azure Portal, follow these steps:

  1. Log in to the Azure Portal at https://portal.azure.com.
  2. Navigate to App Services.
  3. For each Web App, click App.
    a) Navigate to the Setting section.
    b) Click SSL Settings.
    c) Navigate to the Protocol Settings section.
    d) Set Incoming client certificates to On.

CLI Command

To set the Incoming client certificates value for an existing app, use the following command:

az webapp update \
  --resource-group <RESOURCE_GROUP_NAME> \
  --name <APP_NAME> \
  --set clientCertEnabled=true

Fix - Buildtime

Terraform

  • Resource: azurerm_app_service
  • Argument: client_cert_enabled

resource "azurerm_app_service" "example" {
    ...
+   client_cert_enabled          = true
}
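
The same buildtime check can be run against a rendered plan before apply. The following is an added example, not code from this page or from any scanner: it assumes the plan was exported with terraform show -json, the function names are hypothetical, and the sample plan is constructed for illustration.

```python
import json
import sys

RESOURCE_TYPE = "azurerm_app_service"  # resource named on this page
ARGUMENT = "client_cert_enabled"       # argument named on this page

def iter_resources(module):
    """Yield every resource in a plan module, descending into child modules."""
    yield from module.get("resources", [])
    for child in module.get("child_modules", []):
        yield from iter_resources(child)

def find_noncompliant(plan):
    """Return addresses of managed App Services whose planned
    client_cert_enabled is anything other than true (false or absent)."""
    root = plan.get("planned_values", {}).get("root_module", {})
    return sorted(
        r["address"]
        for r in iter_resources(root)
        if r.get("type") == RESOURCE_TYPE
        and r.get("mode", "managed") == "managed"  # skip data sources
        and (r.get("values") or {}).get(ARGUMENT) is not True
    )

# Constructed sample in the shape of `terraform show -json` output (trimmed).
SAMPLE_PLAN = {"planned_values": {"root_module": {
    "resources": [
        {"address": "azurerm_app_service.web_ok", "mode": "managed",
         "type": RESOURCE_TYPE, "values": {ARGUMENT: True}},
        {"address": "azurerm_app_service.web_bad", "mode": "managed",
         "type": RESOURCE_TYPE, "values": {ARGUMENT: False}},
        {"address": "data.azurerm_app_service.lookup", "mode": "data",
         "type": RESOURCE_TYPE, "values": {ARGUMENT: False}},
        {"address": "azurerm_storage_account.logs", "mode": "managed",
         "type": "azurerm_storage_account", "values": {}},
    ],
    "child_modules": [{"address": "module.api", "resources": [
        {"address": "module.api.azurerm_app_service.api", "mode": "managed",
         "type": RESOURCE_TYPE, "values": {}},  # argument absent
    ]}],
}}}

if __name__ == "__main__":
    # Pass a plan JSON path as the first argument, or run with no argument for the sample.
    plan = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE_PLAN
    failures = find_noncompliant(plan)
    for address in failures:
        print(f"FAIL {address}: {ARGUMENT} is not true")
    sys.exit(1 if failures else 0)
```

The non-zero exit status lets a pipeline stop before apply when any App Service in the plan would be deployed without incoming client certificates.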