You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/container-apps/client-certificate-authorization.md
+6-4Lines changed: 6 additions & 4 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -5,15 +5,15 @@ services: container-apps
5
5
author: craigshoemaker
6
6
ms.service: azure-container-apps
7
7
ms.topic: how-to
8
-
ms.date: 05/02/2025
8
+
ms.date: 05/15/2025
9
9
ms.author: cshoe
10
10
---
11
11
12
12
# Configure client certificate authentication in Azure Container Apps
13
13
14
14
Azure Container Apps supports client certificate authentication (also known as mutual TLS or mTLS) that allows access to your container app through two-way authentication. This article shows you how to configure client certificate authorization in Azure Container Apps.
15
15
16
-
When client certificates are used, the TLS certificates are exchanged between the client and your container app to authenticate identity and encrypt traffic. Client certificates are often used in "Zero Trust" security models to authorize client access within an organization.
16
+
When client certificates are used, the TLS certificates are exchanged between the client and your container app to authenticate identity and encrypt traffic. Client certificates are often used in "zero trust" security models to authorize client access within an organization.
17
17
18
18
For example, you might want to require a client certificate for a container app that manages sensitive data.
19
19
@@ -45,7 +45,7 @@ The following ARM template example configures ingress to require a client certif
45
45
}
46
46
```
47
47
> [!NOTE]
48
-
> You can set the `clientCertificateMode` directly on the ingress property. It isn't yet available as an explicit option in the CLI, but you can patch your app using the Azure CLI.
48
+
> You can set the `clientCertificateMode` directly on the ingress property. It isn't available as an explicit option in the CLI, but you can patch your app using the Azure CLI.
49
49
50
50
Before you run the following commands, make sure to replace the placeholders surrounded by `<>` with your own values.
51
51
@@ -78,7 +78,9 @@ az rest \
78
78
79
79
The value for `clientCertificateMode` varies what you need to provide for Container Apps to manage your certificate:
80
80
- When `require` is set, the client must provide a certificate.
81
-
- When `accept` is set, the certificate is optional. If the client provides a certificate, it is passed to the app in the `X-Forwarded-Client-Cert` header, as a semicolon-separated list. For example:
81
+
- When `accept` is set, the certificate is optional. If the client provides a certificate, it passes to the app in the `X-Forwarded-Client-Cert` header, as a semicolon-separated list.
82
+
83
+
For example:
82
84
83
85
Before you use the following example, make sure to replace the placeholders surrounded by `<>` with your own values.
0 commit comments