microsoft / azure-container-apps

Roadmap and issues for Azure Container Apps
MIT License

mTLS: Require private PKI-certificates #1209

Open elgohr opened 4 days ago

elgohr commented 4 days ago

This issue is a: (mark with an x)

Issue description

In the documentation it says that

Container Apps accepts client certificates in the PKCS12 format that are issued by a trusted certificate authority (CA), or are self-signed.

When using a self-signed certificate with Azure Container Apps, browsers are not displaying the dialog for choosing a certificate (see picture below as an example).

Why?

When connecting to an example URL with openssl like

openssl s_client -connect example.orangeflower-e2c8aa9e.westeurope.azurecontainerapps.io:443 -prexit
Connecting to 4.245.91.200
CONNECTED(00000005)
depth=2 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root G2
verify return:1
depth=1 C=US, O=Microsoft Corporation, CN=Microsoft Azure RSA TLS Issuing CA 04
verify return:1
depth=0 C=US, ST=WA, L=Redmond, O=Microsoft Corporation, CN=orangeflower-e2c8aa9e.westeurope.azurecontainerapps.io
verify return:1
---
Certificate chain
 0 s:C=US, ST=WA, L=Redmond, O=Microsoft Corporation, CN=orangeflower-e2c8aa9e.westeurope.azurecontainerapps.io
   i:C=US, O=Microsoft Corporation, CN=Microsoft Azure RSA TLS Issuing CA 04
   a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA384
   v:NotBefore: Jun  3 09:40:13 2024 GMT; NotAfter: May 29 09:40:13 2025 GMT
 1 s:C=US, O=Microsoft Corporation, CN=Microsoft Azure RSA TLS Issuing CA 04
   i:C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root G2
   a:PKEY: rsaEncryption, 4096 (bit); sigalg: RSA-SHA384
   v:NotBefore: Jun  8 00:00:00 2023 GMT; NotAfter: Aug 25 23:59:59 2026 GMT
 2 s:C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root G2
   i:C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root G2
   a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256
   v:NotBefore: Aug  1 12:00:00 2013 GMT; NotAfter: Jan 15 12:00:00 2038 GMT
---
Server certificate
subject=C=US, ST=WA, L=Redmond, O=Microsoft Corporation, CN=orangeflower-e2c8aa9e.westeurope.azurecontainerapps.io
issuer=C=US, O=Microsoft Corporation, CN=Microsoft Azure RSA TLS Issuing CA 04
---
Acceptable client certificate CA names
CN=ACCVRAIZ1, OU=PKIACCV, O=ACCV, C=ES
C=ES, O=FNMT-RCM, OU=AC RAIZ FNMT-RCM
C=ES, O=FNMT-RCM, OU=Ceres, organizationIdentifier=VATES-Q2826004J, CN=AC RAIZ FNMT-RCM SERVIDORES SEGUROS
serialNumber=G63287510, C=ES, O=ANF Autoridad de Certificacion, OU=ANF CA Raiz, CN=ANF Secure Server Root CA
C=IT, L=Milan, O=Actalis S.p.A./03358520967, CN=Actalis Authentication Root CA
C=US, O=AffirmTrust, CN=AffirmTrust Commercial
C=US, O=AffirmTrust, CN=AffirmTrust Networking
C=US, O=AffirmTrust, CN=AffirmTrust Premium
C=US, O=AffirmTrust, CN=AffirmTrust Premium ECC
C=US, O=Amazon, CN=Amazon Root CA 1
C=US, O=Amazon, CN=Amazon Root CA 2
C=US, O=Amazon, CN=Amazon Root CA 3
C=US, O=Amazon, CN=Amazon Root CA 4
CN=Atos TrustedRoot 2011, O=Atos, C=DE
C=ES, CN=Autoridad de Certificacion Firmaprofesional CIF A62634068
C=IE, O=Baltimore, OU=CyberTrust, CN=Baltimore CyberTrust Root
C=NO, O=Buypass AS-983163327, CN=Buypass Class 2 Root CA
C=NO, O=Buypass AS-983163327, CN=Buypass Class 3 Root CA
C=SK, L=Bratislava, O=Disig a.s., CN=CA Disig Root R2
C=CN, O=China Financial Certification Authority, CN=CFCA EV ROOT
C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO Certification Authority
C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO ECC Certification Authority
C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Certification Authority
C=US, O=Certainly, CN=Certainly Root E1
C=US, O=Certainly, CN=Certainly Root R1
C=FR, O=Dhimyotis, CN=Certigna
C=FR, O=Dhimyotis, OU=0002 48146308100036, CN=Certigna Root CA
C=PL, O=Asseco Data Systems S.A., OU=Certum Certification Authority, CN=Certum EC-384 CA
C=PL, O=Unizeto Technologies S.A., OU=Certum Certification Authority, CN=Certum Trusted Network CA
C=PL, O=Unizeto Technologies S.A., OU=Certum Certification Authority, CN=Certum Trusted Network CA 2
C=PL, O=Asseco Data Systems S.A., OU=Certum Certification Authority, CN=Certum Trusted Root CA
C=GB, ST=Greater Manchester, L=Salford, O=Comodo CA Limited, CN=AAA Certificate Services
C=DE, O=D-Trust GmbH, CN=D-TRUST BR Root CA 1 2020
C=DE, O=D-Trust GmbH, CN=D-TRUST EV Root CA 1 2020
C=DE, O=D-Trust GmbH, CN=D-TRUST Root Class 3 CA 2 2009
C=DE, O=D-Trust GmbH, CN=D-TRUST Root Class 3 CA 2 EV 2009
C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root CA
C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root G2
C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root G3
C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root CA
C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root G2
C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root G3
C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA
C=US, O=DigiCert, Inc., CN=DigiCert TLS ECC P384 Root G5
C=US, O=DigiCert, Inc., CN=DigiCert TLS RSA4096 Root G5
C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Trusted Root G4
C=TR, L=Ankara, O=E-Tuğra EBG Bilişim Teknolojileri ve Hizmetleri A.Ş., OU=E-Tugra Sertifikasyon Merkezi, CN=E-Tugra Certification Authority
C=TR, L=Ankara, O=E-Tugra EBG A.S., OU=E-Tugra Trust Center, CN=E-Tugra Global Root CA ECC v3
C=TR, L=Ankara, O=E-Tugra EBG A.S., OU=E-Tugra Trust Center, CN=E-Tugra Global Root CA RSA v3
O=Entrust.net, OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.), OU=(c) 1999 Entrust.net Limited, CN=Entrust.net Certification Authority (2048)
C=US, O=Entrust, Inc., OU=www.entrust.net/CPS is incorporated by reference, OU=(c) 2006 Entrust, Inc., CN=Entrust Root Certification Authority
C=US, O=Entrust, Inc., OU=See www.entrust.net/legal-terms, OU=(c) 2012 Entrust, Inc. - for authorized use only, CN=Entrust Root Certification Authority - EC1
C=US, O=Entrust, Inc., OU=See www.entrust.net/legal-terms, OU=(c) 2009 Entrust, Inc. - for authorized use only, CN=Entrust Root Certification Authority - G2
C=US, O=Entrust, Inc., OU=See www.entrust.net/legal-terms, OU=(c) 2015 Entrust, Inc. - for authorized use only, CN=Entrust Root Certification Authority - G4
C=CN, O=GUANG DONG CERTIFICATE AUTHORITY CO.,LTD., CN=GDCA TrustAUTH R5 ROOT
C=AT, O=e-commerce monitoring GmbH, CN=GLOBALTRUST 2020
C=US, O=Google Trust Services LLC, CN=GTS Root R1
C=US, O=Google Trust Services LLC, CN=GTS Root R2
C=US, O=Google Trust Services LLC, CN=GTS Root R3
C=US, O=Google Trust Services LLC, CN=GTS Root R4
OU=GlobalSign ECC Root CA - R4, O=GlobalSign, CN=GlobalSign
OU=GlobalSign ECC Root CA - R5, O=GlobalSign, CN=GlobalSign
C=BE, O=GlobalSign nv-sa, OU=Root CA, CN=GlobalSign Root CA
OU=GlobalSign Root CA - R3, O=GlobalSign, CN=GlobalSign
OU=GlobalSign Root CA - R6, O=GlobalSign, CN=GlobalSign
C=BE, O=GlobalSign nv-sa, CN=GlobalSign Root E46
C=BE, O=GlobalSign nv-sa, CN=GlobalSign Root R46
C=US, O=The Go Daddy Group, Inc., OU=Go Daddy Class 2 Certification Authority
C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., CN=Go Daddy Root Certificate Authority - G2
C=GR, O=Hellenic Academic and Research Institutions CA, CN=HARICA TLS ECC Root CA 2021
C=GR, O=Hellenic Academic and Research Institutions CA, CN=HARICA TLS RSA Root CA 2021
C=GR, L=Athens, O=Hellenic Academic and Research Institutions Cert. Authority, CN=Hellenic Academic and Research Institutions ECC RootCA 2015
C=GR, L=Athens, O=Hellenic Academic and Research Institutions Cert. Authority, CN=Hellenic Academic and Research Institutions RootCA 2015
C=TW, O=Chunghwa Telecom Co., Ltd., CN=HiPKI Root CA - G1
C=HK, O=Hongkong Post, CN=Hongkong Post Root CA 1
C=HK, ST=Hong Kong, L=Hong Kong, O=Hongkong Post, CN=Hongkong Post Root CA 3
C=US, O=Internet Security Research Group, CN=ISRG Root X1
C=US, O=Internet Security Research Group, CN=ISRG Root X2
C=US, O=IdenTrust, CN=IdenTrust Commercial Root CA 1
C=US, O=IdenTrust, CN=IdenTrust Public Sector Root CA 1
C=ES, O=IZENPE S.A., CN=Izenpe.com
C=HU, L=Budapest, O=Microsec Ltd., CN=Microsec e-Szigno Root CA 2009, emailAddress=info@e-szigno.hu
C=US, O=Microsoft Corporation, CN=Microsoft ECC Root Certificate Authority 2017
C=US, O=Microsoft Corporation, CN=Microsoft RSA Root Certificate Authority 2017
C=KR, O=NAVER BUSINESS PLATFORM Corp., CN=NAVER Global Root Certification Authority
C=HU, L=Budapest, O=NetLock Kft., OU=Tanúsítványkiadók (Certification Services), CN=NetLock Arany (Class Gold) Főtanúsítvány
C=CH, O=WISeKey, OU=OISTE Foundation Endorsed, CN=OISTE WISeKey Global Root GB CA
C=CH, O=WISeKey, OU=OISTE Foundation Endorsed, CN=OISTE WISeKey Global Root GC CA
C=BM, O=QuoVadis Limited, CN=QuoVadis Root CA 1 G3
C=BM, O=QuoVadis Limited, CN=QuoVadis Root CA 2
C=BM, O=QuoVadis Limited, CN=QuoVadis Root CA 2 G3
C=BM, O=QuoVadis Limited, CN=QuoVadis Root CA 3
C=BM, O=QuoVadis Limited, CN=QuoVadis Root CA 3 G3
C=US, ST=Texas, L=Houston, O=SSL Corporation, CN=SSL.com EV Root Certification Authority ECC
C=US, ST=Texas, L=Houston, O=SSL Corporation, CN=SSL.com EV Root Certification Authority RSA R2
C=US, ST=Texas, L=Houston, O=SSL Corporation, CN=SSL.com Root Certification Authority ECC
C=US, ST=Texas, L=Houston, O=SSL Corporation, CN=SSL.com Root Certification Authority RSA
C=PL, O=Krajowa Izba Rozliczeniowa S.A., CN=SZAFIR ROOT CA2
C=JP, O=Japan Certification Services, Inc., CN=SecureSign RootCA11
C=US, O=SecureTrust Corporation, CN=SecureTrust CA
C=US, O=SecureTrust Corporation, CN=Secure Global CA
C=JP, O=SECOM Trust Systems CO.,LTD., CN=Security Communication ECC RootCA1
C=JP, O=SECOM Trust Systems CO.,LTD., OU=Security Communication RootCA2
C=JP, O=SECOM Trust Systems CO.,LTD., CN=Security Communication RootCA3
C=JP, O=SECOM Trust.net, OU=Security Communication RootCA1
C=US, O=Starfield Technologies, Inc., OU=Starfield Class 2 Certification Authority
C=US, ST=Arizona, L=Scottsdale, O=Starfield Technologies, Inc., CN=Starfield Root Certificate Authority - G2
C=US, ST=Arizona, L=Scottsdale, O=Starfield Technologies, Inc., CN=Starfield Services Root Certificate Authority - G2
C=CH, O=SwissSign AG, CN=SwissSign Gold CA - G2
C=CH, O=SwissSign AG, CN=SwissSign Silver CA - G2
C=DE, O=T-Systems Enterprise Services GmbH, OU=T-Systems Trust Center, CN=T-TeleSec GlobalRoot Class 2
C=DE, O=T-Systems Enterprise Services GmbH, OU=T-Systems Trust Center, CN=T-TeleSec GlobalRoot Class 3
C=TR, L=Gebze - Kocaeli, O=Turkiye Bilimsel ve Teknolojik Arastirma Kurumu - TUBITAK, OU=Kamu Sertifikasyon Merkezi - Kamu SM, CN=TUBITAK Kamu SM SSL Kok Sertifikasi - Surum 1
C=TW, O=TAIWAN-CA, OU=Root CA, CN=TWCA Global Root CA
C=TW, O=TAIWAN-CA, OU=Root CA, CN=TWCA Root Certification Authority
O=TeliaSonera, CN=TeliaSonera Root CA v1
C=FI, O=Telia Finland Oyj, CN=Telia Root CA v2
C=US, ST=Illinois, L=Chicago, O=Trustwave Holdings, Inc., CN=Trustwave Global Certification Authority
C=US, ST=Illinois, L=Chicago, O=Trustwave Holdings, Inc., CN=Trustwave Global ECC P256 Certification Authority
C=US, ST=Illinois, L=Chicago, O=Trustwave Holdings, Inc., CN=Trustwave Global ECC P384 Certification Authority
C=TN, O=Agence Nationale de Certification Electronique, CN=TunTrust Root CA
C=CN, O=UniTrust, CN=UCA Extended Validation Root
C=CN, O=UniTrust, CN=UCA Global G2 Root
C=US, ST=New Jersey, L=Jersey City, O=The USERTRUST Network, CN=USERTrust ECC Certification Authority
C=US, ST=New Jersey, L=Jersey City, O=The USERTRUST Network, CN=USERTrust RSA Certification Authority
C=US, OU=www.xrampsecurity.com, O=XRamp Security Services Inc, CN=XRamp Global Certification Authority
C=RO, O=certSIGN, OU=certSIGN ROOT CA
C=RO, O=CERTSIGN SA, OU=certSIGN ROOT CA G2
C=HU, L=Budapest, O=Microsec Ltd., organizationIdentifier=VATHU-23584497, CN=e-Szigno Root CA 2017
C=TW, O=Chunghwa Telecom Co., Ltd., OU=ePKI Root Certification Authority
C=US, OU=emSign PKI, O=eMudhra Inc, CN=emSign ECC Root CA - C3
C=IN, OU=emSign PKI, O=eMudhra Technologies Limited, CN=emSign ECC Root CA - G3
C=US, OU=emSign PKI, O=eMudhra Inc, CN=emSign Root CA - C1
C=IN, OU=emSign PKI, O=eMudhra Technologies Limited, CN=emSign Root CA - G1
C=CN, O=iTrusChina Co.,Ltd., CN=vTrus ECC Root CA
C=CN, O=iTrusChina Co.,Ltd., CN=vTrus Root CA
Requested Signature Algorithms: ECDSA+SHA256:RSA-PSS+SHA256:RSA+SHA256:ECDSA+SHA384:RSA-PSS+SHA384:RSA+SHA384:RSA-PSS+SHA512:RSA+SHA512:RSA+SHA1
Shared Requested Signature Algorithms: ECDSA+SHA256:RSA-PSS+SHA256:RSA+SHA256:ECDSA+SHA384:RSA-PSS+SHA384:RSA+SHA384:RSA-PSS+SHA512:RSA+SHA512
Peer signing digest: SHA256
Peer signature type: RSA-PSS
Server Temp Key: X25519, 253 bits
---
SSL handshake has read 19401 bytes and written 481 bytes
Verification: OK
---
New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
Server public key is 2048 bit
This TLS version forbids renegotiation.
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
---
00CCB4F601000000:error:0A00045C:SSL routines:ssl3_read_bytes:tlsv13 alert certificate required:ssl/record/rec_layer_s3.c:907:SSL alert number 116
---

There's a part called Acceptable client certificate CA names at the end. These are the CAs that are (according to the standard) accepted for the mTLS connection. As private PKI will not be part of this list, certificates aren't accepted and therefore browsers are smart enough not to bring up the dialog. In the end it depends on the client implementation, whether this list is ignored or respected. If respected, private PKI is not able to work with Azure Container Apps.

Steps to reproduce

See above

Expected behavior

Easiest way would be to remove Acceptable client certificate CA names. Otherwise it would be great to configure these.
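
The check described in the issue can be scripted. The following is an added example, not part of the original issue or of any Azure tooling: it parses `openssl s_client` output for the "Acceptable client certificate CA names" section and reports whether a client that respects that list would offer a certificate with a given issuer. The sample transcript and the private CA name are constructed, and the function names are hypothetical.

```python
import re

# Constructed, shortened s_client transcript in the layout quoted in the issue.
SAMPLE_S_CLIENT_OUTPUT = """\
subject=C=US, ST=WA, L=Redmond, O=Microsoft Corporation, CN=example.invalid
issuer=C=US, O=Microsoft Corporation, CN=Microsoft Azure RSA TLS Issuing CA 04
---
Acceptable client certificate CA names
C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root G2
C=US, O=DigiCert, Inc., CN=DigiCert TLS RSA4096 Root G5
C=US, O=Internet Security Research Group, CN=ISRG Root X1
Requested Signature Algorithms: ECDSA+SHA256:RSA-PSS+SHA256
Peer signing digest: SHA256
---
"""

SECTION_START = "Acceptable client certificate CA names"
# Lines s_client prints directly after the CA list.
SECTION_END_PREFIXES = (
    "---",
    "Client Certificate Types:",
    "Requested Signature Algorithms:",
    "Shared Requested Signature Algorithms:",
    "Peer signing digest:",
    "Peer signature type:",
    "Server Temp Key:",
)


def parse_acceptable_cas(s_client_output):
    """Return the CA distinguished names the server advertised, in order.

    An empty list means the server sent no names (s_client prints
    "No client certificate CA names sent") or did not request a certificate.
    With -prexit the section is printed twice, so duplicates are dropped.
    """
    names = {}
    in_section = False
    for raw in s_client_output.splitlines():
        line = raw.strip()
        if line == SECTION_START:
            in_section = True
            continue
        if not in_section:
            continue
        # A DN line always contains '='; anything else closes the section.
        if not line or "=" not in line or line.startswith(SECTION_END_PREFIXES):
            in_section = False
            continue
        names.setdefault(line, None)
    return list(names)


def normalize_dn(dn):
    """Make DNs comparable across OpenSSL print styles.

    Strips a leading "issuer=" / "subject=" label and whitespace around
    '=' and ',' so "C = US, O = X" and "C=US, O=X" compare equal.
    """
    dn = re.sub(r"^(issuer|subject)\s*=\s*", "", dn.strip())
    return re.sub(r"\s*([=,])\s*", r"\1", dn)


def would_be_offered(chain_issuer_dns, acceptable_cas):
    """Model a client that respects the advertised CA list.

    chain_issuer_dns: issuer DN of the client certificate plus the issuer
    DNs of any intermediates the client holds (for a self-signed
    certificate this is just its own subject).
    Returns True when the list is empty (no restriction was advertised)
    or when any issuer in the chain is on the list.
    """
    if not acceptable_cas:
        return True
    allowed = {normalize_dn(ca) for ca in acceptable_cas}
    return any(normalize_dn(dn) in allowed for dn in chain_issuer_dns)


if __name__ == "__main__":
    cas = parse_acceptable_cas(SAMPLE_S_CLIENT_OUTPUT)
    # Constructed private PKI issuer, standing in for a self-signed certificate.
    private = ["issuer=CN=Contoso Private Root CA, O=Contoso"]
    public = ["issuer=C = US, O = Internet Security Research Group, CN = ISRG Root X1"]
    print("advertised CAs:", len(cas))
    print("private PKI certificate offered:", would_be_offered(private, cas))
    print("publicly issued certificate offered:", would_be_offered(public, cas))
```

To use it on a real endpoint, pass the captured `s_client` output and the line printed by `openssl x509 -noout -issuer -in client.pem` for the client certificate.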