Ensure that your Microsoft Azure App Service web applications are configured to request an SSL client certificate for all incoming requests, for security and compliance purposes. Once incoming client certificates are enabled, only web clients that present a valid SSL certificate will be able to reach your application. By default, incoming client certificates are disabled for Azure App Service web applications.
This rule resolution is part of the Cloud Conformity Security & Compliance tool for Azure.
The SSL/TLS mutual authentication approach utilized in enterprise cloud environments ensures the authenticity of web clients to the application server. If incoming client certificates are enabled, then only an authenticated client with a valid SSL certificate can access the web application.
Audit
To determine if your Azure App Service web applications are configured to use incoming client certificates, perform the following actions:
Remediation / Resolution
To update the TLS/SSL configuration settings for your Microsoft Azure App Service web applications in order to enable incoming client certificates, perform the following actions:
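One way to run the audit and produce the matching remediation commands, as an added example that is not Cloud Conformity's own procedure: it reads the JSON printed by `az webapp list --output json` and flags every app where `clientCertEnabled` is not true. The app and resource group names are constructed sample data, and the check on `clientCertMode` goes one step beyond the rule text, on the assumption that you want certificates required rather than optional.

```python
import json
import shlex

# Constructed sample of `az webapp list --output json`, trimmed to the fields used here.
SAMPLE_AZ_OUTPUT = """[
 {"name": "app-frontend", "resourceGroup": "rg-web", "clientCertEnabled": false, "clientCertMode": "Required"},
 {"name": "app-api", "resourceGroup": "rg-web", "clientCertEnabled": true, "clientCertMode": "Required"},
 {"name": "app-partner", "resourceGroup": "rg-b2b", "clientCertEnabled": true, "clientCertMode": "Optional"},
 {"name": "app-legacy", "resourceGroup": "rg-old"}
]"""


def audit_client_certs(az_json):
    """Return one finding per app: (name, status, reason, fix command or None)."""
    findings = []
    for app in json.loads(az_json):
        name, group = app["name"], app["resourceGroup"]
        base = "az webapp update --resource-group {} --name {} --set ".format(
            shlex.quote(group), shlex.quote(name))
        mode = app.get("clientCertMode")
        if app.get("clientCertEnabled") is not True:
            # A missing field is treated as disabled, which is the default state.
            findings.append((name, "FAIL", "client certificates disabled",
                             base + "clientCertEnabled=true"))
        elif mode not in (None, "Required"):
            # Assumption: any mode other than Required admits clients without a
            # certificate, so it is reported separately from a hard failure.
            findings.append((name, "WARN", "clientCertMode is " + mode,
                             base + "clientCertMode=Required"))
        else:
            findings.append((name, "PASS", "client certificates required", None))
    return findings


def noncompliant(findings):
    """Names of the apps that need attention (FAIL or WARN)."""
    return [f[0] for f in findings if f[1] != "PASS"]


if __name__ == "__main__":
    for name, status, reason, fix in audit_client_certs(SAMPLE_AZ_OUTPUT):
        print("{:<5} {:<14} {}".format(status, name, reason))
        if fix:
            print("      fix: " + fix)
```

Against a real subscription, pass the output of `az webapp list --output json` to `audit_client_certs` instead of the sample string, and review each printed `az webapp update` command before running it.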
You are auditing:
Enable Incoming Client Certificates
Risk level: Medium