简体繁体 English

Azure API 管理 - 绕过 SSL 验证

[英]Azure API Management - bypass SSL validation

原文 2018-02-27 02:39:53 7 3 azure/ azure-api-management

I am playing around with Azure API Management as a SOAP passthrough.我正在玩 Azure API 管理作为 SOAP 直通。 I was hoping to get some analytics in place to preview the service.我希望获得一些分析来预览该服务。

My trouble is that my client endpoint has SSL validation in place.我的问题是我的客户端端点有 SSL 验证。 I can't figure out how to load the.cer file in Azure to satisfy this requirement.我不知道如何加载Azure中的.cer文件来满足这个要求。 At the very least I was hoping to find an option to turn off SSL validation (like I can with curl or even postman).至少我希望找到一个选项来关闭 SSL 验证（就像我可以使用 curl 甚至邮递员一样）。

any one found a way to accomplish this?任何人找到一种方法来完成这个？

3 个解决方案

API Management provides the capability to secure access to the back-end service of an API using client certificates. API管理提供了使用客户端证书来安全访问API的后端服务的功能。 Below guide shows how to manage certificates in the API publisher portal, and how to configure an API to use a certificate to access its back-end service. 以下指南显示了如何在API发布者门户中管理证书，以及如何配置API以使用证书来访问其后端服务。

How to secure back-end services using client certificate authentication in Azure API Management 如何在Azure API管理中使用客户端证书身份验证来保护后端服务

If you are calling the API Management service with https then the certificate that is presented will match the host name that you are calling with. 如果您使用https调用API管理服务，则显示的证书将与您使用的主机名匹配。 I'm assuming you were able to change the client to point to your service at https://{servicename}.azure-api.net ? 我假设您能够将客户端更改为指向您在https：// {servicename} .azure-api.net上的服务？

Or did you change your local hostname file to make that happen? 还是您更改了本地主机名文件以实现此目的？ If that's the case, then that is why you are getting an SSL error. 如果是这样，那么这就是为什么您遇到SSL错误。 Without being able to re-compile your client you cannot disable the SSL validation. 如果无法重新编译客户端，则无法禁用SSL验证。

You could configure the custom domain in API Management and if you have access to the certificate, you could attach it to the custom domain. 您可以在API管理中配置自定义域，并且如果您有权访问证书，则可以将其附加到自定义域。 However, you would actually have to change the public DNS for the domain to make that work. 但是，实际上，您必须更改该域的公共DNS才能使它工作。 I don't think you can enable a custom domain in API Management, provide the certificate and only use your local hostname file to do the mapping. 我认为您无法在API管理中启用自定义域，提供证书并且仅使用本地主机名文件进行映射。 But I will check. 但我会检查。

The steps under 'Scenario 7: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel' in Troubleshooting 4xx and 5xx Errors with Azure APIM services is what worked for me. 解决 Azure APIM 服务的 4xx 和 5xx 错误中的“场景 7：基础连接已关闭：无法为 SSL/TLS 安全通道建立信任关系”下的步骤对我有用。 I'm using this approach to bypass validating the SSL cert until I switch from using a self-signed cert to a CA signed one.我正在使用这种方法来绕过验证 SSL 证书，直到我从使用自签名证书切换到 CA 签名证书。