Add custom CA Certificate to APIM Std V2

Hi @Stephane BOUILLON ,

Thanks for reaching out to Microsoft Q&A.

I’ve tested this in my environment, and as you noticed while following the documentation here: Configure CA Certificates, the "CA Certificates" option is not visible on the Azure Portal UI when accessing the backend entity.

I have consulted with the internal team regarding the same and learned that this feature, introduced in version 0.49, had to be rolled back due to issues it caused when creating and updating backends. Currently, the code is under review, and unfortunately, there is no estimated timeline for when this feature will be reintroduced.

Until the feature is reinstated, there is no alternative available for trusting backend services with certificates that aren't signed by a known Certificate Authority. To validate the server certificate, the root certificate that signed the intermediate certificate in the SSL handshake would need to be present in the Windows certificate store. This is a limitation of the previous v2 services Azure API Management V2 Service Tiers Limitations, which is why the “CA certificates” option is not visible.

The available workaround you can use for calling your backend is the method you are already implementing. This can be executed by creating a backend and disabling backend certificate validation in the backend's advanced options, as mentioned here: Create a Backend.

Hope it helps!

Please do not forget to click "Accept the answer” and Yes, this can be beneficial to other community members.

If you have any other questions, let me know in the "comments" and I would be happy to help you.