How to Configure Azure Application Gateway mTLS Validation for Appdome MobileBOT™ Defense

Last updated May 27, 2026 by Appdome

Introduction

Web Application Firewalls (WAFs) help protect web applications and APIs from malicious traffic and automated attacks. When combined with Appdome MobileBOT™ Defense, organizations can strengthen protection for mobile applications by allowing backend infrastructure to identify and trust requests originating from protected mobile apps.

This Knowledge Base article explains how to configure an Azure Application Gateway to work with Appdome MobileBOT™ Defense using Mutual TLS (mTLS). In this configuration, the Application Gateway validates client certificates presented by Appdome-protected mobile applications before allowing traffic to reach backend services.

What is mTLS?

Mutual TLS (mTLS) is an authentication method in which both the client and server validate each other’s TLS certificates against a trusted Certificate Authority (CA). This establishes a trusted and encrypted connection between the mobile application and backend infrastructure.

Prerequisites for Using Azure Application Gateway with Appdome-Protected Apps

Before proceeding, ensure you have:

  • A configured and accessible Azure Application Gateway
  • An Appdome MobileBOT™ Defense license
  • An Android or iOS application protected with Appdome MobileBOT™ Defense
  • An mTLS client certificate signed by a trusted Certificate Authority (CA)

How to Configure the Application Gateway to Trust the Client Identity

Getting Started with Azure Setup and Configuration

  1. Log in to the Azure portal.
  2. From the Azure home page, click Create a Resource.
  3. Search for and select Application Gateway.
  4. Create and configure the Azure Application Gateway.
  5. During configuration, ensure the following are completed:
    • A frontend public IP is configured for the gateway
    • A backend target or backend pool is configured
    • An HTTPS listener and routing rule are configured using your server TLS certificate
  6. After completing the gateway configuration and assigning a DNS name, configure Mutual TLS (mTLS) for client authentication.
  7. From the Azure home page, open your configured Azure Application Gateway instance.
  8. Create a new SSL Profile.
  9. In the SSL Profile configuration:
    • Upload or select the trusted CA certificate used to validate client certificates
    • Configure the client authentication mode (Strict or Passthrough)
    • Select the trusted client certificates
  10. Associate the SSL Profile with the HTTPS listener configured for the Application Gateway.
  11. Save and apply the configuration changes.
Note: Azure requires the mTLS certificate to include the Extended Key Usage (EKU) extension in both the CA certificate and the leaf client certificate. Ensure the certificate includes the Client Authentication EKU before configuring mTLS on the Azure Application Gateway.
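
A pre-flight check for the EKU requirement in the note above, as an added example that is not Appdome or Azure code. The certificates are constructed self-signed stand-ins generated with openssl, and the function and file names are assumptions made for the demo.

```shell
#!/bin/sh
# Added example: confirm the Client Authentication EKU before uploading certs.

# Succeeds if the PEM certificate in $1 has an EKU extension listing clientAuth.
# `openssl verify -purpose sslclient` cannot replace this check: OpenSSL treats
# a certificate with no EKU extension as unrestricted and accepts it.
has_client_auth_eku() {
    openssl x509 -in "$1" -noout -text 2>/dev/null |
        grep -A1 'X509v3 Extended Key Usage' |
        grep -q 'TLS Web Client Authentication'
}

# Checks the CA certificate ($1) and the leaf client certificate ($2).
# Returns non-zero if either one lacks the EKU.
preflight() {
    rc=0
    for cert in "$1" "$2"; do
        if has_client_auth_eku "$cert"; then
            echo "OK    $cert"
        else
            echo "FAIL  $cert: Client Authentication EKU missing"
            rc=1
        fi
    done
    return "$rc"
}

# Writes a constructed self-signed sample certificate to $1.
# $2 is the single extension line to embed in it.
make_sample_cert() {
    printf '[req]\ndistinguished_name=dn\nprompt=no\nx509_extensions=ext\n' > "$1.cnf"
    printf '[dn]\nCN=constructed-sample\n[ext]\n%s\n' "$2" >> "$1.cnf"
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -config "$1.cnf" \
        -keyout "$1.key" -out "$1" 2>/dev/null
}

# Demo on constructed stand-ins; only their extensions matter to this check.
demo() {
    d=$(mktemp -d)
    make_sample_cert "$d/ca.pem" 'extendedKeyUsage=clientAuth'
    make_sample_cert "$d/leaf-ok.pem" 'extendedKeyUsage=clientAuth'
    make_sample_cert "$d/leaf-noeku.pem" 'keyUsage=digitalSignature'
    preflight "$d/ca.pem" "$d/leaf-ok.pem"
    preflight "$d/ca.pem" "$d/leaf-noeku.pem" || echo "leaf-noeku.pem is not ready for upload"
    rm -rf "$d"
}
demo
```

For real files, call preflight with the CA and client certificate paths and upload them to the SSL Profile only when it returns 0.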

How Do I Learn More?

If you have any questions, please send them our way at support.appdome.com or via the chat window on the Appdome platform.
