stackoom
  简体   繁体   中英

Azure APIM with certificate authentication error using .pfx certificate

 原文  2022-05-24 10:08:18       azure/ rest/ cloud/ azure-api-management

Question

Helle, everyone.

I am experiencing issue with configuring APIm operation with InBound policy, which handled calls to remote endpoint. I have saved certificate which was provided to me by external service and using thumbprint in policie. Remote endpoint validates requests using certificate.

<policies>
<inbound>
    <base />
    <send-request mode="new" response-variable-name="result" timeout="300" ignore-error="false">
        <set-url>https://ip:port/path</set-url>
        <set-method>POST</set-method>
        <set-header name="Accept" exists-action="override">
            <value>*/*</value>
        </set-header>
        <set-header name="Content-Type" exists-action="override">
            <value>application/xml</value>
        </set-header>
        <set-body>@(context.Request.Body.As<string>())</set-body>
        <authentication-certificate thumbprint="thubprint" password="password" />
    </send-request>
    <return-response response-variable-name="result" />
</inbound>
<backend>
    <base />
</backend>
<outbound>
    <base />
</outbound>
<on-error>
    <base />
</on-error>

But as a response I am getting 500 error

send-request (259.918 ms)
{
    "messages": [
        "Error occured while calling backend service.",
        "The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.",
        "The remote certificate is invalid according to the validation procedure."
    ]
}

Thanks beforehands. Would appreciate any help.

1 answers

solution1
 1 ACCPTED  

As discussed in the comments, adding gist as a community wiki answer to help community members who might face a similar issue.

But as a response I am getting 500 error

  • If you are using self-signed certificates, you will need to disable certificate chain validation for API Management to communicate with the backend system. Otherwise, it will return a 500 error code.

Try the following code snippet taken from the document:

$context = New-AzApiManagementContext -resourcegroup 'ContosoResourceGroup' -servicename 'ContosoAPIMService'

New-AzApiManagementBackend -Context  $context -Url 'https://contoso.com/myapi' -Protocol http -SkipCertificateChainValidation $true

Note: As of now disabling certificate chain validation is only possible for backend policy .

You can refer to Azure API Management - Validate incoming client certificate and Send cert to backend , Is disabling Validate certificate chain safe? and Protect your APIs with Azure API Management

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Add PFX Certificate to Azure WebApp using ARM (not for ssl) Convert Azure-generated certificate to PFX using openssl Azure APIM - how to validate client certificate using context.Request.Certificate.Verify() Is there anyway to import a PFX SSL Certificate file using Bicep or ARM to a Azure Key Vault as a Certificate Export Azure App Service Certificate as .pfx on Mac Problem deploying pfx certificate with ARM to Azure, InternalServerError Adding certificate to Azure APIM from keyvault azure APIM client certificate towards SAP gateway Azure webapp ssl certificate pfx without password Export Azure SSL certificate as pfx file
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM