Let’s see how to secure API using Client Certificate in Azure API management
- Make sure you have SSL added on Custom Domain
- Negotiate Certificate is Checked
![](https://www.azure365pro.com/wp-content/uploads/2022/09/image.png)
Now let’s generate a Custom Client Certificate to be used on the Client Side using Windows Powershell
![](https://www.azure365pro.com/wp-content/uploads/2022/09/image-1.png)
New-SelfSignedCertificate -DnsName "azure365pro", "azure365pro" -CertStoreLocation "cert:\LocalMachine\My" -NotAfter (Get-Date).AddYears(10) -FriendlyName "CAazure365pro" -KeyUsageProperty All -KeyUsage CertSign, CRLSign, DigitalSignature $mypwd = ConvertTo-SecureString -String "123" -Force -AsPlainText Get-ChildItem -Path cert:\localMachine\my\4D589CA579F672252668920A54D52DEDB16A9688 | Export-PfxCertificate -FilePath "C:\Scripts\certs.pfx" -Password $mypwd
Now Cert is ready
![](https://www.azure365pro.com/wp-content/uploads/2022/09/image-2.png)
Add Certificates
![](https://www.azure365pro.com/wp-content/uploads/2022/09/image-4-1024x462.png)
you can use key vault – in this case and uploading directly
![](https://www.azure365pro.com/wp-content/uploads/2022/09/image-3-1024x275.png)
Now update the Inbound policy as below to use thumbprint directly without uploading the certificate to API management
![](https://www.azure365pro.com/wp-content/uploads/2022/09/image-5-1024x489.png)
if you want to use from the uploaded client certificates list use below
![](https://www.azure365pro.com/wp-content/uploads/2022/09/image-6-1024x489.png)
Now lets call the API using Client Certificate using postman
![](https://www.azure365pro.com/wp-content/uploads/2022/09/image-7.png)
Add the certificate
![](https://www.azure365pro.com/wp-content/uploads/2022/09/image-9.png)
![](https://www.azure365pro.com/wp-content/uploads/2022/09/image-10.png)
if you call the call the API without a certificate
![](https://www.azure365pro.com/wp-content/uploads/2022/09/image-12-1024x491.png)
if you call the call the API with the client certificate
![](https://www.azure365pro.com/wp-content/uploads/2022/09/image-13-1024x618.png)
What will be the implications if Negotiate Client Certificate is disabled?