Does Azure Key Vault support storing Client Certificates for mTLS authentication?
Example:
- HTTPS: Yes and Client Certificates: Required enabled in the Function App
- X-ARR-ClientCert header
- KeyVaultCertificate client which will pull the client cert we have on file for said requestor and validate its properties
  - not_valid_before/after
  - issuer
  - common_name
  - ocsp_responder_url

Problem:
- .pfx or .pem file extensions
- .pfx format because it contains the private key
- .pfx file into both .pem (actual certificate) and .key then upload only the .pem, but Key Vault didn't like the format.

Does Key Vault handle client certs in this manner or should I just save them as KV Secrets and avoid KV Certificates altogether?
If I'm not mistaken, a client cert would never be in .pfx
You are mistaken and all your assumptions are incorrect. Mutual TLS requires two sets of certificate and private key, one set for server and another for client. You cannot set up a mutual TLS with two certificates and one private key (like you describe).
Azure Key Vault perfectly supports any kind of certificate, including client and server authentication.
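
The split the question attempts, as an added example that is not part of the original question or answer: a .pfx bundles the certificate with its private key, while the fields being validated (validity dates, issuer, common name) live in the certificate alone. The file names, the CN `client.example.test` and the bundle password are constructed for illustration.

```shell
#!/bin/sh
# Added example. File names, the CN and the PFX password are constructed.
set -eu

PFX_PASS='example-only'   # constructed password for the sample bundle

# Build a throwaway self-signed client certificate and bundle it as a .pfx,
# standing in for the bundle a real requestor would hold.
make_client_pfx() {   # $1 = output directory
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
        -subj '/CN=client.example.test' \
        -keyout "$1/client.key" -out "$1/client.crt" 2>/dev/null
    openssl pkcs12 -export -inkey "$1/client.key" -in "$1/client.crt" \
        -out "$1/client.pfx" -passout "pass:$PFX_PASS"
}

# Write only the public certificate from a .pfx to a PEM file.
# -nokeys drops the private key; the x509 pass strips PKCS#12 bag attributes.
extract_public_cert() {   # $1 = input .pfx, $2 = output .pem
    openssl pkcs12 -in "$1" -passin "pass:$PFX_PASS" -nokeys -clcerts 2>/dev/null |
        openssl x509 -out "$2"
}

# Succeeds if the file contains any PEM private-key block.
has_private_key() {   # $1 = file to inspect
    grep -q -- '-----BEGIN .*PRIVATE KEY-----' "$1"
}

# SHA-256 fingerprint, usable as a stable identifier for the certificate.
cert_fingerprint() {   # $1 = PEM certificate
    openssl x509 -in "$1" -noout -fingerprint -sha256
}

# The properties listed in the question: subject (CN), issuer, validity window.
cert_fields() {   # $1 = PEM certificate
    openssl x509 -in "$1" -noout -subject -issuer -startdate -enddate
}

demo() {
    dir=$(mktemp -d)
    make_client_pfx "$dir"
    extract_public_cert "$dir/client.pfx" "$dir/client-public.pem"
    if has_private_key "$dir/client-public.pem"; then
        echo 'private key leaked into public PEM' >&2; rm -rf "$dir"; return 1
    fi
    cert_fields "$dir/client-public.pem"
    cert_fingerprint "$dir/client-public.pem"
    rm -rf "$dir"
}
demo
```

The extracted PEM has the same fingerprint as the certificate inside the bundle, so it can serve as the reference copy for comparing against what a requestor presents, while the private key stays with the client.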