Ensure Web App has incoming client certificates enabled
Error: Web App does not have incoming client certificates enabled
Bridgecrew Policy ID: BC_AZR_NETWORKING_7
Checkov Check ID: CKV_AZURE_17
Severity: MEDIUM
Description
Client certificates allow the Web App to require a certificate for incoming requests. Only clients that have a valid certificate will be able to reach the app.
TLS mutual authentication, as used in enterprise environments, ensures the authenticity of clients to the server. If incoming client certificates are enabled, only an authenticated client with a valid certificate can access the app.
Fix - Runtime
Azure Portal
To change the policy using the Azure Portal, follow these steps:
- Log in to the Azure Portal at https://portal.azure.com.
- Navigate to App Services.
- For each Web App, click App.
  a) Navigate to the Setting section.
  b) Click SSL Settings.
  c) Navigate to the Protocol Settings section.
  d) Set Incoming client certificates to On.
CLI Command
To set the Incoming client certificates value for an existing app, use the following command:
az webapp update \
  --resource-group <RESOURCE_GROUP_NAME> \
  --name <APP_NAME> \
  --set clientCertEnabled=true
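To apply the command above across many apps, the following added example (not part of the original page or of Bridgecrew's tooling) reads an inventory in the JSON shape of `az webapp list` and builds the update command for each app where clientCertEnabled is not true. The sample inventory is constructed, and the `name` and `resourceGroup` fields are assumed from the CLI's standard JSON output.

```python
import json
import shlex

# Constructed sample of `az webapp list --output json`, trimmed to the fields used here.
SAMPLE_INVENTORY = """
[
  {"name": "billing-api", "resourceGroup": "rg-prod", "clientCertEnabled": true},
  {"name": "intranet-portal", "resourceGroup": "rg-corp(eu)", "clientCertEnabled": false},
  {"name": "legacy-app", "resourceGroup": "rg-old"}
]
"""


def non_compliant_apps(inventory_json):
    """Return sorted (resource_group, name) pairs for apps without client certificates enabled."""
    findings = []
    for app in json.loads(inventory_json):
        # A missing or null property is reported as non-compliant rather than skipped,
        # so an incomplete inventory never hides an app.
        if app.get("clientCertEnabled") is not True:
            findings.append((app["resourceGroup"], app["name"]))
    return sorted(findings)


def remediation_commands(findings):
    """Build the page's `az webapp update` command for each finding, shell-quoted."""
    template = (
        "az webapp update --resource-group {} --name {} "
        "--set clientCertEnabled=true"
    )
    # shlex.quote keeps names with shell metacharacters (e.g. parentheses) as one argument.
    return [template.format(shlex.quote(rg), shlex.quote(name)) for rg, name in findings]


if __name__ == "__main__":
    for command in remediation_commands(non_compliant_apps(SAMPLE_INVENTORY)):
        print(command)
```

Review the printed commands before running them: enabling the setting causes the app to reject clients that do not present a certificate.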
Fix - Buildtime
Terraform
- Resource: azurerm_app_service
- Argument: client_cert_enabled
resource "azurerm_app_service" "example" {
...
+ client_cert_enabled = true
}
Updated 10 months ago