Share via

is any way to disable ssl certification in azure apim

Akhila 0 Reputation points
2024-11-15T17:05:19.64+00:00

I am sharing a sample code snippet for an APIM policy that fails due to certificate validation. Is there an option to disable SSL validation, similar to how Postman allows enabling or disabling it?

<send-request mode="new" response-variable-name="test" timeout="100" ignore-error="true">

<set-url>https://{{ServiceUrl}}</set-url>

<set-method>POST</set-method>

<set-header name="Authorization" exists-action="override">

<value>Basic {{Token}}</value>

</set-header>

<set-header name="Content-Type" exists-action="override">

<value>application/json</value>

</set-header>

<set-body template="liquid">

</set-body>

</send-request>

Azure API Management
Azure API Management
An Azure service that provides a hybrid, multi-cloud management platform for APIs.
2,184 questions
Azure
Azure
A cloud computing platform and infrastructure for building, deploying and managing applications and services through a worldwide network of Microsoft-managed datacenters.
1,038 questions
0 comments

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Sina Salam 12,246 Reputation points
    2024-11-15T20:46:07.3966667+00:00

    Hello Akhila,

    Welcome to the Microsoft Q&A and thank you for posting your questions here.

    I understand that you would like to know if there is any way to disable SSL certification in azure APIM.

    In Azure API Management (APIM), there isn’t a direct option to disable SSL validation within the policy definitions, unlike Postman where you can easily toggle SSL validation on or off. However, you can handle certificate validation issues by using a different approach, such as configuring your backend service to trust the certificate or using a self-signed certificate that is trusted by your APIM instance.

    • Though, this is a general approach to handle SSL certificate validation issues, it will solve your challenges:
    • Check that the certificate used by your backend service is trusted by the APIM instance. You can upload the certificate to the APIM instance so that it trusts the backend service’s certificate.
    • If you are using a self-signed certificate, make sure it is added to the trusted root certificate authorities in your APIM instance.
    • If you are using a custom domain, ensure that the custom domain’s certificate is correctly configured and trusted by the APIM instance.

    Unfortunately, there is no built-in policy to disable SSL validation directly in APIM. If you need to bypass SSL validation for testing purposes, consider using a different environment or tool where you can control SSL settings more granularly. So, this is an example of how you might configure a policy to handle a request, but note that SSL validation cannot be disabled directly:

    <send-request mode="new" response-variable-name="test" timeout="100" ignore-error="true">
    <set-url>https://{{ServiceUrl}}</set-url>
    <set-method>POST</set-method>
    <set-header name="Authorization" exists-action="override">
        <value>Basic {{Token}}</value>
    </set-header>
    <set-header name="Content-Type" exists-action="override">
        <value>application/json</value>
    </set-header>
    <set-body template="liquid">
    </set-body>
</send-request>

    I hope this is helpful! Do not hesitate to let me know if you have any other questions.

    Please don't forget to close up the thread here by upvoting and accept it as an answer if it is helpful.

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.