After some further investigation I figured out how to get some extra logging by setting the header in Postman: Ocp-Apim-Trace "true", to get Ocp-Apim-Trace-Location, which provides the required details.
Questions remaining are:
When receiving an API request with a client certificate, what is required in APIM and policies to get it working?
!context.Request.Certificate.Verify(): what does this setting require on APIM?
- Do we need to install the client certificate in APIM certificates? I have tested this and this was not working.
- Do I need to install the certificate under trusted root?
<when condition="@(context.Request.Certificate == null || !context.Request.Certificate.Verify() || context.Request.Certificate.Thumbprint != "ZZZZZZZZZZ27")">
    <return-response>
        <set-status code="403" reason="Invalid client certificate" />
    </return-response>
</when>