App Service web apps should have ‘Incoming client certificates’ enabled
Description
Client certificates allow the app to request a certificate for incoming requests. Only clients that have a valid certificate will be able to reach the app.
Remediation Steps
Azure Portal
1. Navigate to App Services.
2. Select your App Service.
3. In the left navigation, select Configuration.
4. Select General settings.
5. In Client certificate mode, select Require and click Save.
Azure CLI
To enable incoming client certificates:
az webapp update --set clientCertEnabled=true --name <app_name> --resource-group <group_name>
Azure Resource Manager
Ensure that a Microsoft.Web/sites resource contains the following:
{
  "properties": {
    "clientCertEnabled": true
  }
}
Example Configuration
{
  "type": "Microsoft.Web/sites",
  "apiVersion": "2021-02-01",
  // other required fields here
  "properties": {
    "clientCertEnabled": true
  }
}
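A static check for the ARM rule above, as an added example (not code from this page or from Microsoft): it walks a template's resources, including child resources and nested deployments, and reports each Microsoft.Web/sites resource whose clientCertEnabled is not the literal true. The sample template, its resource names and the parameter name requireCert are constructed for illustration.

```python
import json
SITE_TYPE = "microsoft.web/sites"  # resource type, compared case-insensitively here

def classify(resource):
    """Return None when clientCertEnabled is the JSON literal true, else a reason
    (strict by choice: the string 'true' is reported as well)."""
    props = resource.get("properties")
    value = props.get("clientCertEnabled") if isinstance(props, dict) else None
    if value is True:
        return None
    if value is None:
        return "missing"
    if isinstance(value, str) and value.startswith("["):
        return "unresolved expression"  # template expression, known only at deploy time
    return "not true"

def audit_template(template):
    """Return (resource path, reason) for every site that fails the check."""
    findings = []
    def walk(resources, prefix=""):
        for res in resources if isinstance(resources, list) else []:
            if not isinstance(res, dict):
                continue
            name = prefix + str(res.get("name", "<unnamed>"))
            reason = classify(res) if str(res.get("type", "")).lower() == SITE_TYPE else None
            if reason:
                findings.append((name, reason))
            walk(res.get("resources"), name + "/")  # child resources
            props = res.get("properties")
            if isinstance(props, dict) and isinstance(props.get("template"), dict):
                walk(props["template"].get("resources"), name + "/")  # nested deployment
    walk(template.get("resources"))
    return findings

# Constructed sample template; all names are made up for this example.
SAMPLE = json.loads("""
{"resources": [
  {"type": "Microsoft.Web/sites", "name": "app-ok", "properties": {"clientCertEnabled": true}},
  {"type": "Microsoft.Web/sites", "name": "app-missing", "properties": {}},
  {"type": "microsoft.web/sites", "name": "app-off", "properties": {"clientCertEnabled": false}},
  {"type": "Microsoft.Web/sites", "name": "app-param",
   "properties": {"clientCertEnabled": "[parameters('requireCert')]"}},
  {"type": "Microsoft.Resources/deployments", "name": "inner", "properties": {"template":
    {"resources": [{"type": "Microsoft.Web/sites", "name": "app-nested"}]}}}
]}
""")

if __name__ == "__main__":
    for path, reason in audit_template(SAMPLE):
        print(f"FAIL {path}: clientCertEnabled {reason}")
```

Findings marked "unresolved expression" need the parameter or variable value checked where the template is deployed.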
Terraform
Ensure that an azurerm_app_service contains the following:
client_cert_enabled = true
Example Configuration
resource "azurerm_app_service" "example" {
  client_cert_enabled = true
  # other required fields here
}