Mutual TLS
Mutual TLS is a common security practice that uses client TLS certificates to provide an additional layer of protection, allowing the client's information to be cryptographically verified.
In most cases when you try to access a secured HTTPS/TLS endpoint, you experience only the client-side check of the server certificate. The purpose of this check is to ensure that no fraud is involved and the data transfer between the client and server is encrypted.
In fact, the TLS standard allows specifying the client certificate as well, so the server can accept connections only for clients with certificates registered with the server certificate authority, or provide additional security checks based on the information stored in the client certificate. This is what we call “Mutual TLS” - when both sides of the connection verify certificates.
In Application Gateway, you can enable mutual TLS from the update API page: in the Settings tab, find the section named Authentication and click the Enable Mutual TLS toggle.
You can add a certificate by clicking Add Certificate.
Upload the certificate from here.
After uploading the certificate, you can see the certificate Id in the left-hand-side table.
Only .pem certificates are accepted.
You can't upload the same certificate again; an error is shown.
By clicking on the '+' button the certificate gets added to the right-hand-side table and you can add that certificate to your API.
You can also add a certificate that you have already uploaded to the API by entering its Id in the certificate ID section.
You cannot add the same certificate again; an error is shown.
You can also remove the certificate from your API by clicking on the "-" button on the right-hand-side table.
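The upload rules above (.pem only, no duplicates) can be checked locally before uploading. The following is an added example, not part of Application Gateway: it rejects files that are not PEM or that contain a private key, and flags repeats by SHA-256 fingerprint. The function names and sample data are assumptions made for illustration, the fingerprint is a local value rather than the gateway's certificate Id, and the DER check only confirms the outer structure, not a full X.509 parse.

```python
import base64
import hashlib
import re

PEM_BLOCK = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----\s*(.*?)\s*-----END \1-----", re.S)

def der_sequence_ok(der):
    """True if der is exactly one DER SEQUENCE, the outer shape of an X.509 cert."""
    if len(der) < 2 or der[0] != 0x30:
        return False
    first = der[1]
    if first < 0x80:                      # short-form length
        return len(der) == 2 + first
    n = first & 0x7F                      # long form: n length bytes follow
    if n == 0 or len(der) < 2 + n:
        return False
    return len(der) == 2 + n + int.from_bytes(der[2:2 + n], "big")

def check_pem_upload(text, known_fingerprints):
    """Return (ok, reason, fingerprints) for the text of a candidate upload file."""
    blocks = PEM_BLOCK.findall(text)
    if not blocks:
        return False, "not PEM: no BEGIN/END block found", []
    fingerprints = []
    for label, body in blocks:
        if "PRIVATE KEY" in label:        # the key must never leave the client
            return False, "contains a private key; upload the certificate only", []
        if label != "CERTIFICATE":
            return False, f"unexpected PEM block: {label}", []
        try:
            der = base64.b64decode("".join(body.split()), validate=True)
        except ValueError:
            return False, "certificate body is not valid base64", []
        if not der_sequence_ok(der):
            return False, "decoded body is not a single DER SEQUENCE", []
        fp = hashlib.sha256(der).hexdigest()
        if fp in known_fingerprints or fp in fingerprints:
            return False, "duplicate certificate", []
        fingerprints.append(fp)
    return True, "ok", fingerprints

def make_pem(label, der):
    b64 = base64.b64encode(der).decode()
    return f"-----BEGIN {label}-----\n{b64}\n-----END {label}-----\n"

# Constructed sample data: minimal DER SEQUENCEs, not real certificates or keys.
SAMPLE_CERT = make_pem("CERTIFICATE", b"\x30\x03\x02\x01\x01")
SAMPLE_KEY = make_pem("PRIVATE KEY", b"\x30\x03\x02\x01\x00")
```

Pass the set of fingerprints you have already uploaded as `known_fingerprints` so that a repeat is caught before the gateway shows its error.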