
client-certificates-enabled.md

CloudSploit

AZURE / App Service / Client Certificates Enabled

Quick Info

| | |
|-|-|
| Plugin Title | Client Certificates Enabled |
| Cloud | AZURE |
| Category | App Service |
| Description | Ensures Client Certificates are enabled for App Services, only allowing clients with valid certificates to reach the app |
| More Info | Enabling Client Certificates will block all clients that do not have a valid certificate from accessing the app. |
| AZURE Link | https://docs.microsoft.com/en-us/azure/app-service/app-service-web-configure-tls-mutual-auth#enable-client-certificates |
| Recommended Action | Enable incoming client certificate SSL setting for all App Services. |

Detailed Remediation Steps

  1. Log in to the Microsoft Azure Management Console.
  2. Select the "Search resources, services, and docs" option at the top and search for App Services.
  3. Select the App Service by clicking on its "Name" link to access the configuration changes.
  4. On the left navigation panel that opens, click on the Configuration tab.
  5. Select the General settings tab on the Configuration page.
  6. Scroll down to check for "Incoming client certificates" at the bottom and select one of the following: "Required", "Allowed", or "Optional", according to requirement.
  7. Repeat the above steps to ensure "Client Certificates" are enabled for "App Services", only allowing clients with valid certificates to reach the app.

    "NOTE: This plugin shows a positive result when HTTP 2.0 is enabled."
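
To verify the setting across many apps after remediation, the check can be expressed in code. The following is an added example, not CloudSploit's plugin source: it evaluates app objects shaped like the ARM `Microsoft.Web/sites` resource (`clientCertEnabled`, `clientCertMode`, `siteConfig.http20Enabled`) and models the HTTP 2.0 note above. The sample apps are constructed, and the `WARN` result for a non-required mode and the treatment of a missing mode as `Required` are assumptions of this example.

```javascript
// Added example, not CloudSploit's plugin code. Property names follow the ARM
// Microsoft.Web/sites resource; the app objects below are constructed samples.

// Evaluate one App Service resource and return { app, status, message }.
function checkClientCertificates(site) {
  const props = (site && site.properties) || {};
  const name = (site && site.name) || '(unnamed)';
  const http2 = Boolean(props.siteConfig && props.siteConfig.http20Enabled);

  if (props.clientCertEnabled === true) {
    // Assumption: a missing clientCertMode is treated as Required.
    const mode = props.clientCertMode || 'Required';
    if (mode === 'Required') {
      return { app: name, status: 'PASS', message: 'Client certificates are required' };
    }
    // Enabled but not enforced: clients without a certificate still reach the app.
    return { app: name, status: 'WARN', message: `Client certificates enabled, mode is ${mode}` };
  }
  if (http2) {
    // Mirrors the page's NOTE: the result is positive when HTTP 2.0 is enabled.
    return { app: name, status: 'PASS', message: 'HTTP 2.0 enabled, client certificate check skipped' };
  }
  return { app: name, status: 'FAIL', message: 'Client certificates are disabled' };
}

// Evaluate a list of apps, e.g. the parsed output of a resource listing.
function scan(sites) {
  return sites.map(checkClientCertificates);
}

// Constructed sample input covering each outcome.
const SAMPLE_SITES = [
  { name: 'api-prod', properties: { clientCertEnabled: true, clientCertMode: 'Required' } },
  { name: 'portal-staging', properties: { clientCertEnabled: true, clientCertMode: 'Optional' } },
  { name: 'grpc-frontend', properties: { clientCertEnabled: false, siteConfig: { http20Enabled: true } } },
  { name: 'legacy-web', properties: { clientCertEnabled: false, siteConfig: { http20Enabled: false } } },
];

for (const r of scan(SAMPLE_SITES)) {
  console.log(`${r.status.padEnd(4)} ${r.app}: ${r.message}`);
}
```

A `PASS` that comes from the HTTP 2.0 branch does not mean certificates are enforced, so review those apps separately.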