In this second post, we expand on the solution from the previous post. We’ll deploy API Management inside a virtual network, positioning it behind an application gateway. We’ll configure the application gateway with an mTLS listener to validate client certificates and forward them to API Management for further processing. This approach can also be used with other types of backends, such as an ASP.NET Web API.
This blog post is the start of a series on how to work with client certificates in Azure API Management to setup a mutual TLS (mTLS) connection. While Azure’s official documentation provides excellent guidance on setting up client certificates via the Azure Portal, we’ll dive into utilizing Bicep and the Azure CLI, to automate the process. In this first post, we’ll cover the basics of how to validate client certificates in API Management.
In this post I explain how to deploy an Azure workbook using Bicep and set environment specific variables. I’ll also show how to deploy a shared kusto function in Application Insights with the Azure CLI.
