How do I store known client-certificates for an HTTP-triggered Azure Function?
I'd like to only allow requests to an HTTP-triggered Azure Function that include a well-known client-certificate.
I do not want requests forwarded to the Azure Function that are not "approved".
- I have set
Client-certificate modetoRequire
Where is the Trust Store in Azure where I can store these well-known, client public certificates?
- How do I point AppService to look at this Trust Store?
Host your azure functions behind an APIM then you can use APIM to manage your client certificates. You can then use the Client Certificates page in the azure portal to upload your client certificates to the APIM resource and configure the APIM policy to only allow trusted clients.
For setting up APIM over your azure functions see : https://learn.microsoft.com/en-us/learn/modules/build-serverless-api-with-functions-api-management/
For using client certificates to secure access to an API : https://learn.microsoft.com/en-us/learn/modules/control-authentication-with-apim/4-secure-access-client-certs