Allow Mutual SSL Auth on Application Gateway

At the moment SSL termination is possible with Application Gateway but it doesn't cater for instances where client authentication is required (mutual auth). So if client auth is required, SSL needs to be passed through and terminated on each of the web servers. This increases load across the server farm and makes management of certificates more difficult since all certs need to be maintained on all servers. I believe this function is available with API Management but the additional cost is hard to justify if one doesn't require the other additional features. So having mutual SSL auth capability built into the Application Gateway would be fantastic.

1,047 votes

Vote

(thinking…)

Microsoft

Forgot password?

Create a password

Signed in as (Sign out)

You have left! (?) (thinking…)

Brandon shared this idea · August 18, 2015 · Flag idea as inappropriate… · Admin →

planned ·

AdminAzure Networking Team (Product Manager, Microsoft Azure) responded · October 09, 2018

Thanks for all your feedback so far. This is something we are looking to address relatively soon. Please stay tuned.

Show previous admin responses (3)

55 comments

Add a comment…

Attach a File

(thinking…)

Microsoft

Forgot password?

Create a password

Signed in as (Sign out)

Submitting...

An error occurred while saving the comment

Andrea commented · January 20, 2020 07:50 · Flag as inappropriate

Hi Team,
is this feature on the roadmap?
A

Submitting...
Laurent Caille commented · January 16, 2020 05:40 · Flag as inappropriate

Hi,

Any updates on this feature? We would need it in the future.

Submitting...
Michael A commented · January 08, 2020 22:01 · Flag as inappropriate

Hello,

Has there been any update on this feature for Azure Application Gateway?

Submitting...
Lee Lu commented · November 24, 2019 20:01 · Flag as inappropriate

Any update on this? We do need this feature in one of our clients' (Covestro) production environment which is built on top of Sitecore 9. Please keep posted.

Submitting...
Farzad Eshaghi commented · November 21, 2019 15:39 · Flag as inappropriate

Any updates?

Submitting...
Albert Ruiz commented · November 21, 2019 08:09 · Flag as inappropriate

news? some other workaround?

Submitting...
Frank commented · November 21, 2019 04:06 · Flag as inappropriate

any target date or roadmap available yet?

Submitting...
Manoj Singh commented · September 23, 2019 11:18 · Flag as inappropriate

please give some other workaround. I am stuck since my client only supports mutual ssl.

Submitting...
Anonymous commented · July 25, 2019 03:48 · Flag as inappropriate

news?

Submitting...
Timir commented · July 20, 2019 07:49 · Flag as inappropriate

Is it something available now?

Submitting...
Chad commented · July 09, 2019 09:32 · Flag as inappropriate

Please consider adding a "x-forwarded-client-cert" style header so we can validate the client certificate in downstream proxies (ex: Azure Api Management)

Submitting...
Daniel Scheiner commented · July 04, 2019 07:41 · Flag as inappropriate

It has been 3 years... can the community help?
Your customers are getting concerned!

Submitting...
Jean-Yves LAUGEL commented · June 26, 2019 01:17 · Flag as inappropriate

Any news ? Any ETA ?
Thanks !

Submitting...
ross baker commented · June 24, 2019 02:03 · Flag as inappropriate

Hi any update please ?

Submitting...
ross baker commented · June 20, 2019 05:44 · Flag as inappropriate

Any update please this is a key feature.

Submitting...
ross baker commented · June 19, 2019 07:13 · Flag as inappropriate

Any update please ?

Submitting...
Anonymous commented · May 10, 2019 06:15 · Flag as inappropriate

Any updates on this?

Submitting...
Param Bindra commented · May 01, 2019 13:36 · Flag as inappropriate

This was reported in 2015 and planned working on Oct 2018. This is much needed feature. Do we have it now? Please confirm.

Submitting...
Martin Francis commented · April 22, 2019 06:59 · Flag as inappropriate

would this cover mutual TLS . Use case would be to only allow traffic from specific clients to be allowed . Not requiring to allow clients based on IP

Submitting...
Harees Syed commented · April 17, 2019 12:17 · Flag as inappropriate

ETA please

Submitting...