AKS - LDAPS

We have developed an in-house application with an Angular frontend and a .NET Core 6 backend, which is running on Azure Kubernetes Service (AKS).

Our requirement is that users accessing the application have to be authenticated via Azure AD (LDAP). For that, we have enabled LDAPS on Azure AD (Azure AD only supports LDAPS, not LDAP) and its URL is configured in our application.

Then we tried to access the application but are getting the following error: "The remote certificate was rejected by the provided RemoteCertificateValidationCallback"

From the error description, we understand it is because of a missing certificate; however, we don't have a clue where to add the LDAP server's certificate. We have to deploy its certificate somewhere else in Kubernetes and refer to it in the application.

Some articles say we can add the certificate to the Docker image itself by mentioning the certificate details in the Dockerfile.

But we want to decouple the certificate's location from the container, so whenever the certificate expires we don't have to deploy the new certificate into it and recreate the pods.

Also, we need to know whether the certificate has to be mapped to the frontend or the backend pod. This is too vague to me, as I am a DevOps engineer (from an administration background) and don't have a good understanding of application development.

To sum up, we need clarifications on the doubts below:

1) Where to place the Azure LDAPS certificate in AKS
2) To which pod (frontend/backend) the certificate has to be mapped

Note:

1) We have the same application (hosted on-premise) which is being authenticated with a self-managed Windows Active Directory (LDAP, not LDAPS).

So, our concern is only about mapping the LDAPS certificate to our application hosted on AKS and not about enabling LDAP for our application (which we have already done in the existing application).

2) To get rid of this, some may suggest that we choose another modern authentication mechanism that Azure AD supports, but the answer is that we still want to stick with LDAP for some business needs.
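
The rejection in the error above comes from the .NET RemoteCertificateValidationCallback the backend's LDAP client hands to its TLS stream, so the decoupled approach the post is after is: mount the LDAPS issuing CA into the backend pod from a Kubernetes Secret and have the callback validate the server certificate against that file rather than return true. The following is an added example (not code from the original post), assuming the LDAP bind happens in the .NET backend and that the Secret is mounted at the hypothetical path /etc/ldaps-ca/ca.crt:

```csharp
// Added example: validate the LDAPS server certificate against a private CA
// mounted from a Kubernetes Secret volume. Never return true unconditionally;
// that would accept any certificate presented on port 636.
using System;
using System.Net.Security;
using System.Security.Cryptography.X509Certificates;

public static class LdapsCertificateValidation
{
    // Assumed mount path of the Secret volume inside the backend pod.
    public const string CaCertPath = "/etc/ldaps-ca/ca.crt";

    // Returns the delegate to wire into the LDAP client's certificate-validation hook.
    // The CA file is re-read on every handshake, so a rotated Secret is picked up
    // without rebuilding the image or restarting the pod.
    public static RemoteCertificateValidationCallback Create(string caCertPath = CaCertPath)
    {
        return (sender, certificate, chain, sslPolicyErrors) =>
        {
            // A missing certificate or a host-name mismatch is never acceptable.
            if (certificate is null ||
                sslPolicyErrors.HasFlag(SslPolicyErrors.RemoteCertificateNotAvailable) ||
                sslPolicyErrors.HasFlag(SslPolicyErrors.RemoteCertificateNameMismatch))
                return false;

            // No errors at all means the OS trust store already trusts the issuer.
            if (sslPolicyErrors == SslPolicyErrors.None)
                return true;

            // Remaining case: chain errors, expected when the issuing CA is private
            // and unknown to the container's trust store. Re-validate the chain with
            // the mounted CA file as the only trusted root (PEM, may hold several certs).
            var trustedRoots = new X509Certificate2Collection();
            trustedRoots.ImportFromPemFile(caCertPath);

            using var serverCert = new X509Certificate2(certificate);
            using var customChain = new X509Chain();
            customChain.ChainPolicy.TrustMode = X509ChainTrustMode.CustomRootTrust;
            customChain.ChainPolicy.CustomTrustStore.AddRange(trustedRoots);
            // Assumption: the private CA publishes no reachable CRL/OCSP endpoint.
            customChain.ChainPolicy.RevocationMode = X509RevocationMode.NoCheck;

            // Build() is true only if the chain terminates at one of the mounted roots.
            return customChain.Build(serverCert);
        };
    }
}
```

Mount the Secret as a whole volume rather than with subPath: kubelet refreshes whole-volume Secret mounts when the Secret changes, but subPath mounts are never updated, which would defeat the rotation-without-redeploy goal.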