| Server only <br>(one-way) | - Consumption: Managed only <br><br>- Standard: Managed or built-in | For server authentication, your MQ server sends a private key certificate, either publicly trusted or non-publicly trusted, to your logic app client for validation. The MQ connector validates the incoming server certificate for authenticity against public key certificates, known also as a "signer" certificates, by using standard .NET SSL stream validation. <br><br>The logic app doesn't send a client certificate. |
41
+
| Server only <br>(one-way) | - Consumption: Managed only <br><br>- Standard: Managed or built-in | For server authentication, your MQ server sends a private key certificate, either publicly trusted or non-publicly trusted, to your logic app client for validation. The MQ connector validates the incoming server certificate for authenticity against public key certificates, also known as *signer certificates*, by using standard .NET SSL stream validation. <br><br>The logic app workflow doesn't send a client certificate. |
42
42
| Server-client <br>(two-way) | - Consumption: Not supported <br><br>- Standard: Built-in only | For server authentication, see the previous row. <br><br>For client authentication, the logic app client sends a private key certificate to your MQ server for validation. The MQ server validates the incoming client certificate for authenticity also by using a public key certificate. |
### Notes about private key and public key certificates
45
47
46
48
- The certificate that requires validation is always a private key certificate. The certificate used to perform the validation is always a public key certificate.
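Review bot: in the changed "Server only" row, "your MQ server sends a private key certificate ... to your logic app client for validation" reads as if the private key itself is transmitted. In a TLS handshake the server presents its certificate and proves possession of the matching private key; the key never leaves the server. Suggest wording such as "your MQ server presents its certificate, which is backed by a private key", with the same adjustment in the "Server-client" row and in the bullet "The certificate that requires validation is always a private key certificate."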
@@ -266,8 +268,6 @@ To check that the thumbprints for the required public key certificates exist on
266
268
267
269
Follow these steps to add a public key certificate to the Trusted Root CA Store on the virtual machine host where your Standard logic app runs.
1. In the [Azure portal](https://portal.azure.com), open your Standard logic app resource. On the logic app resource menu, under **Settings**, select **Certificates**.
272
272
273
273
1. Select the **Public key certificates (.cer)** tab, and then select **Add certificate**.
@@ -298,8 +298,6 @@ Follow these steps to add a public key certificate to the Trusted Root CA Store
298
298
299
299
Follow these steps to add a private key certificate to the Trusted Root CA Store on virtual machine host where your Standard logic app runs.
1. In the [Azure portal](https://portal.azure.com), open your logic app resource. On the logic app resource menu, under **Settings**, select **Certificates**.
304
302
305
303
1. Select the **Bring your own certificates (.pfx)** tab, and then select **Add certificate**.
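Review bot: the context line "add a private key certificate to the Trusted Root CA Store on virtual machine host" is missing "the" before "virtual machine host" (the public key section has it), and step 1 says "open your logic app resource" where the public key section says "open your Standard logic app resource". It is also worth confirming that "Trusted Root CA Store" is the right destination to name for a .pfx added under **Bring your own certificates (.pfx)**: a client certificate with its private key is an identity credential, not a trust anchor, and readers may take the sentence to mean they are widening the host's trusted roots.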
> This method provides optimal and superior security without having to provide credentials. Azure manages
21
-
> this identity for you and helps keep authentication information secure so that you don't have to manage
22
-
> this sensitive information. To set up a managed identity for Azure Logic Apps, see
23
-
> [Authenticate access and connections to Azure resources with managed identities in Azure Logic Apps](/azure/logic-apps/authenticate-with-managed-identity).
24
-
>
11
+
> In production environments, always protect sensitive information and secrets, such as credentials, certificates,
12
+
> thumbprints, access keys, and connection strings. Make sure that you securely store such information by using
13
+
> Microsoft Entra ID and [Azure Key Vault](https://go.microsoft.com/fwlink/?linkid=2300117). Avoid hardcoding
14
+
> this information, sharing with other users, or saving in plain text anywhere that others can access. Rotate your
15
+
> secrets as soon as possible if you think this information might be compromised. For more information, see
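Review bot: the removed note pointed readers to managed identities and linked the setup article; the replacement note covers secret storage and rotation but, in the lines shown, no longer mentions managed identities. If the credential-free option still applies here, keep a pointer to /azure/logic-apps/authenticate-with-managed-identity alongside the Key Vault guidance. In the added text, "sharing with other users, or saving in plain text" lacks an object; "sharing it with other users, or saving it in plain text" reads more clearly.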