Allow Mutual SSL Auth on Application Gateway
At the moment SSL termination is possible with Application Gateway but it doesn't cater for instances where client authentication is required (mutual auth). So if client auth is required, SSL needs to be passed through and terminated on each of the web servers. This increases load across the server farm and makes management of certificates more difficult since all certs need to be maintained on all servers. I believe this function is available with API Management but the additional cost is hard to justify if one doesn't require the other additional features. So having mutual SSL auth capability built into the Application Gateway would be fantastic.

Thanks for all your feedback so far. This is something we are looking to address relatively soon. Please stay tuned.
52 comments
-
Lee Lu commented
Any update on this? We do need this feature in one of our clients' (Covestro) production environment which is built on top of Sitecore 9. Please keep us posted.
-
Farzad Eshaghi commented
Any updates?
-
Albert Ruiz commented
News? Some other workaround?
-
Frank commented
Any target date or roadmap available yet?
-
Manoj Singh commented
Please give some other workaround. I am stuck since my client only supports mutual SSL.
-
Anonymous commented
News?
-
Timir commented
Is it something available now?
-
Chad commented
Please consider adding an "x-forwarded-client-cert" style header so we can validate the client certificate in downstream proxies (ex: Azure API Management).
-
Daniel Scheiner commented
It has been 3 years... can the community help?
Your customers are getting concerned!
-
Jean-Yves LAUGEL commented
Any news? Any ETA?
Thanks!
-
ross baker commented
Hi, any update please?
-
ross baker commented
Any update please? This is a key feature.
-
ross baker commented
Any update please?
-
Anonymous commented
Any updates on this?
-
Param Bindra commented
This was reported in 2015 and planned working on Oct 2018. This is a much needed feature. Do we have it now? Please confirm.
-
Martin Francis commented
Would this cover mutual TLS? Use case would be to only allow traffic from specific clients. Not requiring to allow clients based on IP.
-
Harees Syed commented
ETA please?
-
AD Ruben Laureys commented
ETA please? This is a much needed feature!
-
AD Koen Theyssens commented
I need this to simplify my setup, any ETA?
-
Anonymous commented
Can this be arranged/developed please?