Allow Mutual SSL Auth on Application Gateway
At the moment SSL termination is possible with Application Gateway but it doesn't cater for instances where client authentication is required (mutual auth). So if client auth is required, SSL needs to be passed through and terminated on each of the web servers. This increases load across the server farm and makes management of certificates more difficult since all certs need to be maintained on all servers. I believe this function is available with API Management but the additional cost is hard to justify if one doesn't require the other additional features. So having mutual SSL auth capability built into the Application Gateway would be fantastic.
Thanks for all your feedback so far. This is something we are looking to address relatively soon. Please stay tuned.
is this feature on the roadmap?
Laurent Caille commented
Any updates on this feature? We would need it in the future.
Michael A commented
Has there been any update on this feature for Azure Application Gateway?
Lee Lu commented
Any update on this? We do need this feature in one of our clients' (Covestro) production environment which is built on top of Sitecore 9. Please keep posted.
Farzad Eshaghi commented
Albert Ruiz commented
news? some other workaround?
any target date or roadmap available yet?
Manoj Singh commented
please give some other workaround. I am stuck since my client only supports mutual ssl.
Is it something available now?
Please consider adding a "x-forwarded-client-cert" style header so we can validate the client certificate in downstream proxies (ex: Azure Api Management)
Daniel Scheiner commented
It has been 3 years... can the community help?
Your customers are getting concerned!
Jean-Yves LAUGEL commented
Any news ? Any ETA ?
Hi any update please ?
Any update please this is a key feature.
Any update please ?
Any updates on this?
Param Bindra commented
This was reported in 2015 and planned working on Oct 2018. This is much needed feature. Do we have it now? Please confirm.
Martin Francis commented
would this cover mutual TLS . Use case would be to only allow traffic from specific clients to be allowed . Not requiring to allow clients based on IP
Harees Syed commented