I am trying to secure the client API in API Management using the client certificates.

context.Deployment.Certificates.Any(c => c.Value.Thumbprint == context.Request.Certificate.Thumbprint)

only checks against the certificates stored in the "Certificate" directory and not against "CA Certificate".

How do I get all the certificates stored in CA Certificates and then compare against the thumbprint?

Nishank

1 Answer

There is no runtime access to that collection. The purpose of CA certificates is to make sure that SSL certificates and any certificate you call .Validate on can build and validate a chain.

Vitaliy Kurokhtin
  • Thanks for your response. Does that mean Certificate.Verify() would only work on CA certificates, and for it to work the certificate should be uploaded to the CA Certificate folder? I tried uploading a self-signed certificate but Verify() or VerifyNoRevocation() did not work. – Nishank Feb 29 '20 at 03:17
  • When you call .Verify(), APIM will try to build the certificate chain. Whatever certificates are required to build a valid chain must be uploaded into CA certificates. – Vitaliy Kurokhtin Mar 19 '20 at 22:07
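
An added example, not part of the question or the answer above: an inbound policy fragment that relies on chain validation rather than reading the CA certificate store, which the answer says is not available at runtime. The issuer string `CN=Example Issuing CA` is a constructed placeholder; the nested double quotes follow the form used in APIM policy expressions.

```xml
<inbound>
    <base />
    <choose>
        <!--
          Reject the request when any of the following holds:
          1. No client certificate was presented.
          2. Verify() fails: APIM could not build and validate a chain,
             which requires the root and intermediate certificates to be
             uploaded under "CA certificates" (revocation is checked too;
             VerifyNoRevocation() skips that step).
          3. The issuer is not the expected one. The CA store cannot be
             enumerated from a policy, so the issuer is compared with a
             fixed value instead (placeholder below).
        -->
        <when condition="@(context.Request.Certificate == null
                           || !context.Request.Certificate.Verify()
                           || context.Request.Certificate.Issuer != "CN=Example Issuing CA")">
            <return-response>
                <set-status code="403" reason="Invalid client certificate" />
            </return-response>
        </when>
    </choose>
</inbound>
```

The thumbprint comparison from the question remains a separate check: it matches only certificates uploaded under "Certificates", so it pins individual client certificates rather than an issuing CA.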