articles/application-gateway/application-gateway-configure-listener-specific-ssl-policy.md
Lines changed: 8 additions & 5 deletions
@@ -5,11 +5,11 @@ services: application-gateway
5
5
author: mscatyao
6
6
ms.service: application-gateway
7
7
ms.topic: how-to
8
-
ms.date: 03/30/2021
8
+
ms.date: 02/18/2022
9
9
ms.author: caya
10
10
---
11
11
12
-
# Configure listener-specific SSL policies on Application Gateway through portal (Preview)
12
+
# Configure listener-specific SSL policies on Application Gateway through portal
13
13
14
14
This article describes how to use the Azure portal to configure listener-specific SSL policies on your Application Gateway. Listener-specific SSL policies allow you to configure specific listeners to use different SSL policies from each other. You'll still be able to set a default SSL policy that all listeners will use unless overwritten by the listener-specific SSL policy.
15
15
@@ -26,14 +26,14 @@ First create a new Application Gateway as you would usually through the portal -
26
26
27
27
## Set up a listener-specific SSL policy
28
28
29
-
To set up a listener-specific SSL policy, you'll need to first go to the **SSL settings (Preview)** tab in the Portal and create a new SSL profile. When you create an SSL profile, you'll see two tabs: **Client Authentication** and **SSL Policy**. The **SSL Policy** tab is to configure a listener-specific SSL policy. The **Client Authentication** tab is where to upload a client certificate(s) for mutual authentication - for more information, check out [Configuring a mutual authentication](./mutual-authentication-portal.md).
29
+
To set up a listener-specific SSL policy, you'll need to first go to the **SSL settings** tab in the Portal and create a new SSL profile. When you create an SSL profile, you'll see two tabs: **Client Authentication** and **SSL Policy**. The **SSL Policy** tab is to configure a listener-specific SSL policy. The **Client Authentication** tab is where to upload a client certificate(s) for mutual authentication - for more information, check out [Configuring a mutual authentication](./mutual-authentication-portal.md).
30
30
31
31
> [!NOTE]
32
32
> We recommend using TLS 1.2 as TLS 1.2 will be mandated in the future.
33
33
34
34
1. Search for **Application Gateway** in portal, select **Application gateways**, and click on your existing Application Gateway.
35
35
36
-
2. Select **SSL settings (Preview)** from the left-side menu.
36
+
2. Select **SSL settings** from the left-side menu.
37
37
38
38
3. Click on the plus sign next to **SSL Profiles** at the top to create a new SSL profile.
39
39
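Review bot: In the rewritten line 29, "where to upload a client certificate(s)" and the link text "Configuring a mutual authentication" are still ungrammatical. Since the line is being touched anyway, change them to "where you'll upload your client certificate(s)" (the wording mutual-authentication-portal.md uses in this same commit) and "Configuring mutual authentication".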
@@ -72,7 +72,10 @@ Now that we've created an SSL profile with a listener-specific SSL policy, we ne
72
72
73
73

74
74
75
+
### Limitations
76
+
There is a limitation right now on Application Gateway where different listeners using the same port cannot have the same custom SSL policy configured. To ensure that the custom protocols configured as part of the custom SSL policy are applied to a listener, make sure that different listeners are running on different ports or configure the same custom SSL policy with the same custom protocols across all listeners running on the same port.
77
+
75
78
## Next steps
76
79
77
80
> [!div class="nextstepaction"]
78
-
> [Manage web traffic with an application gateway using the Azure CLI](./tutorial-manage-web-traffic-cli.md)
81
+
> [Manage web traffic with an application gateway using the Azure CLI](./tutorial-manage-web-traffic-cli.md)
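Review bot: The new Limitations paragraph (added lines 75-76) contradicts itself: its first sentence says listeners on the same port "cannot have the same custom SSL policy configured", while the workaround in its second sentence is to "configure the same custom SSL policy with the same custom protocols across all listeners running on the same port". One of the two must be wrong. Presumably the first sentence was meant to say such listeners cannot have different custom SSL policies, but please confirm the actual behaviour and reword. Because readers rely on this to enforce protocol versions per listener, also state which policy takes effect when the condition is not met, and replace "right now" with wording that will not go stale. The final -/+ pair (line 78/81) shows identical text; if it is anything other than an end-of-file newline change, drop it.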
articles/application-gateway/mutual-authentication-overview.md
Lines changed: 6 additions & 0 deletions
@@ -41,6 +41,8 @@ For more information on how to set up mutual authentication, see [configure mutu
41
41
> [!IMPORTANT]
42
42
> Make sure you upload the entire trusted client CA certificate chain to the Application Gateway when using mutual authentication.
43
43
44
+
Each SSL profile can support up to 5 trusted client CA certificate chains.
45
+
44
46
## Additional client authentication validation
45
47
46
48
### Verify client certificate DN
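Review bot: The sentence added on line 44 states the limit of 5 trusted client CA certificate chains per SSL profile, but it sits as a standalone line between the IMPORTANT callout and the next heading and does not say what happens when the limit is exceeded. Consider folding it into the callout or the paragraph that introduces uploading chains, and say how the limit is enforced.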
@@ -68,6 +70,10 @@ For more information on how to extract trusted client CA certificate chains, see
68
70
69
71
With mutual authentication, there are additional server variables that you can use to pass information about the client certificate to the backend servers behind the Application Gateway. For more information about which server variables are available and how to use them, check out [server variables](./rewrite-http-headers-url.md#mutual-authentication-server-variables-preview).
70
72
73
+
## Certificate Revocation
74
+
75
+
Client certificate revocation with OCSP (Online Certificate Status Protocol) will be supported shortly.
76
+
71
77
## Next steps
72
78
73
79
After learning about mutual authentication, go to [Configure Application Gateway with mutual authentication in PowerShell](./mutual-authentication-powershell.md) to create an Application Gateway using mutual authentication.
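Review bot: "will be supported shortly" on added line 75 is a time-relative promise that will go stale, and it leaves the current behaviour implicit. State directly whether any client certificate revocation checking is performed today, so readers know what the gateway does with a revoked certificate until OCSP support arrives. Two smaller points in the same hunk: the heading "Certificate Revocation" is title case while the neighbouring headings ("Additional client authentication validation", "Next steps") are sentence case, and the context line 71 links to the anchor "#mutual-authentication-server-variables-preview"; since this commit removes the Preview label elsewhere, check that the anchor still resolves.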
articles/application-gateway/mutual-authentication-portal.md
Lines changed: 6 additions & 6 deletions
@@ -5,11 +5,11 @@ services: application-gateway
5
5
author: mscatyao
6
6
ms.service: application-gateway
7
7
ms.topic: how-to
8
-
ms.date: 04/02/2021
8
+
ms.date: 02/18/2022
9
9
ms.author: caya
10
10
---
11
11
12
-
# Configure mutual authentication with Application Gateway through portal (Preview)
12
+
# Configure mutual authentication with Application Gateway through portal
13
13
14
14
This article describes how to use the Azure portal to configure mutual authentication on your Application Gateway. Mutual authentication means Application Gateway authenticates the client sending the request using the client certificate you upload onto the Application Gateway.
15
15
@@ -27,14 +27,14 @@ First create a new Application Gateway as you would usually through the portal -
27
27
28
28
## Configure mutual authentication
29
29
30
-
To configure an existing Application Gateway with mutual authentication, you'll need to first go to the **SSL settings (Preview)** tab in the Portal and create a new SSL profile. When you create an SSL profile, you'll see two tabs: **Client Authentication** and **SSL Policy**. The **Client Authentication** tab is where you'll upload your client certificate(s). The **SSL Policy** tab is to configure a listener specific SSL policy - for more information, check out [Configuring a listener specific SSL policy](./application-gateway-configure-listener-specific-ssl-policy.md).
30
+
To configure an existing Application Gateway with mutual authentication, you'll need to first go to the **SSL settings** tab in the Portal and create a new SSL profile. When you create an SSL profile, you'll see two tabs: **Client Authentication** and **SSL Policy**. The **Client Authentication** tab is where you'll upload your client certificate(s). The **SSL Policy** tab is to configure a listener specific SSL policy - for more information, check out [Configuring a listener specific SSL policy](./application-gateway-configure-listener-specific-ssl-policy.md).
31
31
32
32
> [!IMPORTANT]
33
33
> Please ensure that you upload the entire client CA certificate chain in one file, and only one chain per file.
34
34
35
35
1. Search for **Application Gateway** in portal, select **Application gateways**, and click on your existing Application Gateway.
36
36
37
-
2. Select **SSL settings (Preview)** from the left-side menu.
37
+
2. Select **SSL settings** from the left-side menu.
38
38
39
39
3. Click on the plus sign next to **SSL Profiles** at the top to create a new SSL profile.
40
40
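Review bot: Added line 30 writes "listener specific SSL policy" twice (once in prose, once as link text), while the article it links to is titled "Configure listener-specific SSL policies". Hyphenate both occurrences here for consistency, since the line is being rewritten anyway.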
@@ -82,7 +82,7 @@ Now that we've created an SSL profile with mutual authentication configured, we
82
82
83
83
In the case that your client CA certificate has expired, you can update the certificate on your gateway through the following steps:
84
84
85
-
1. Navigate to your Application Gateway and go to the **SSL settings (Preview)** tab in the left-hand menu.
85
+
1. Navigate to your Application Gateway and go to the **SSL settings** tab in the left-hand menu.
86
86
87
87
1. Select the existing SSL profile(s) with the expired client certificate.
88
88
@@ -94,4 +94,4 @@ In the case that your client CA certificate has expired, you can update the cert
94
94
95
95
## Next steps
96
96
97
-
-[Manage web traffic with an application gateway using the Azure CLI](./tutorial-manage-web-traffic-cli.md)
97
+
-[Manage web traffic with an application gateway using the Azure CLI](./tutorial-manage-web-traffic-cli.md)
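Review bot: Line 97 is removed and re-added with the same visible text, and in both versions "-[Manage web traffic" has no space after the hyphen, so Markdown will not render it as a list item. If the change is only an end-of-file newline, use the opportunity to write "- [Manage web traffic with an application gateway using the Azure CLI](./tutorial-manage-web-traffic-cli.md)".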
articles/application-gateway/mutual-authentication-powershell.md
Lines changed: 2 additions & 2 deletions
@@ -5,12 +5,12 @@ services: application-gateway
5
5
author: mscatyao
6
6
ms.service: application-gateway
7
7
ms.topic: how-to
8
-
ms.date: 04/02/2021
8
+
ms.date: 02/18/2022
9
9
ms.author: caya
10
10
ms.custom: devx-track-azurepowershell
11
11
---
12
12
13
-
# Configure mutual authentication with Application Gateway through PowerShell (Preview)
13
+
# Configure mutual authentication with Application Gateway through PowerShell
14
14
This article describes how to use the PowerShell to configure mutual authentication on your Application Gateway. Mutual authentication means Application Gateway authenticates the client sending the request using the client certificate you upload onto the Application Gateway.
15
15
16
16
If you don't have an Azure subscription, create a [free account](https://azure.microsoft.com/free/?WT.mc_id=A261C142F) before you begin.
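Review bot: The renamed heading on line 13 is followed directly by the intro paragraph on line 14 with no blank line between them, unlike the two portal articles in this commit, and that paragraph still reads "how to use the PowerShell". Add a blank line after the heading and change the phrase to "how to use PowerShell".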
articles/application-gateway/mutual-authentication-troubleshooting.md
Lines changed: 2 additions & 2 deletions
@@ -5,7 +5,7 @@ services: application-gateway
5
5
author: mscatyao
6
6
ms.service: application-gateway
7
7
ms.topic: troubleshooting
8
-
ms.date: 04/02/2021
8
+
ms.date: 02/18/2022
9
9
ms.author: caya
10
10
---
11
11
@@ -22,7 +22,7 @@ After configuring mutual authentication on an Application Gateway, there can be
22
22
* Uploaded a certificate chain that only contained a leaf certificate without a CA certificate
23
23
* Validation errors due to issuer DN mismatch
24
24
25
-
We'll go through different scenarios that you might run into and how to troubleshoot those scenarios. We'll then address error codes and explain likely causes for certain error codes you might be seeing with mutual authentication.
25
+
We'll go through different scenarios that you might run into and how to troubleshoot those scenarios. We'll then address error codes and explain likely causes for certain error codes you might be seeing with mutual authentication. All client certificate authentication failures should result in an HTTP 400 error code.
There are a few scenarios that you might be facing when trying to configure mutual authentication. We'll walk through how to troubleshoot some of the most common pitfalls.
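Review bot: The sentence appended on line 25, "All client certificate authentication failures should result in an HTTP 400 error code", uses "should", which leaves it unclear whether a 400 is guaranteed or merely expected. State it as a fact ("return an HTTP 400") if it is one, and consider moving it to the error-code part of the article that the same paragraph announces, since a single status for every failure means readers need those error codes to tell the causes apart.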