Azure-docs: Client Certificate Cryptographic validation?

Created on 19 Oct 2020 · 2 Comments · Source: MicrosoftDocs/azure-docs

According to this (great) Microsoft article, there is a cryptographic check that occurs for Client Certificate Authentication:

"The client is authenticated by using its private key to sign a hash of all the messages up to this point. The recipient verifies the signature using the public key of the signer, thus ensuring it was signed with the client’s private key."

How is this cryptographic validation completed using mTLS and Azure Functions?

I understand how to compare certificate properties as outlined in the article Configure TLS mutual authentication - Azure App Service, but how is this crypto check performed?



All 2 comments

@SeaDude Thank you for your query, our team will look into it and get back to you at the earliest.

Found out from one of my colleagues that the TLS handshake negotiated by Microsoft's server (load balancer/host server for the Function) contains the cryptographic check which validates:

  • When we turn on HTTPS for a given Function
  • There is a step in the TLS handshake that validates the client is in possession of the private key for the certificate they are presenting
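A simplified model of the handshake step described in the comment above, as an added example (not Microsoft's code, not part of the original thread, and not the TLS wire format): the client signs a hash of the handshake messages so far, and the server verifies that signature with the public key from the presented certificate. The names `newClient`, `proveKey` and `checkKey`, the Ed25519 key type and the transcript bytes are assumptions made for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"fmt"
	"math/big"
	"time"
)

// newClient builds a constructed key pair and a self-signed certificate (DER) for it.
func newClient() (ed25519.PrivateKey, []byte) {
	pub, key, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), NotBefore: time.Now(), NotAfter: time.Now().Add(time.Hour)}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, key)
	if err != nil {
		panic(err)
	}
	return key, der
}

// proveKey is the client side: sign a hash of the handshake messages so far.
func proveKey(key ed25519.PrivateKey, transcript []byte) []byte {
	h := sha256.Sum256(transcript)
	return ed25519.Sign(key, h[:])
}

// checkKey is the server side: verify the signature with the public key taken
// from the presented certificate. Chain and thumbprint checks are separate.
func checkKey(certDER, transcript, sig []byte) bool {
	cert, err := x509.ParseCertificate(certDER)
	if err != nil {
		return false
	}
	pub, ok := cert.PublicKey.(ed25519.PublicKey)
	h := sha256.Sum256(transcript)
	return ok && ed25519.Verify(pub, h[:], sig)
}

func main() {
	key, cert := newClient()
	other, _ := newClient() // a different key: stands in for a party that only copied cert
	t := []byte("constructed handshake transcript")
	fmt.Println(checkKey(cert, t, proveKey(key, t)), checkKey(cert, t, proveKey(other, t)))
}
```

Running it prints `true false`: a certificate presented without its matching private key fails the check, and because the signature covers the transcript, a signature from one session does not verify against another.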