Thread: ARR with SSL Mutual Authentication

Last post 05-08-2009 6:06 PM by Poobalan.Naidoo. 2 replies.

  • 04-28-2009, 7:41 PM

    ARR with SSL Mutual Authentication

    I would like to use ARR on a front end server to do Load Balancing to 3 Backend IIS 7.0 Web Servers. The Backend servers accept requests only from clients that have a valid client certificate. I am able to get it all to work using https only if the Backend is configured to not require Client certificates. The moment I enable the Require Client certificate option the ARR server responds with "502 - Web server received an invalid response while acting as a gateway or proxy server." It appears that the ARR server is not passing the client certificate to the Backend server which then is responding with an error.

    I'm not sure if ARR supports mutual authentication or if what I want to achieve is even possible. Any help/advice in this regard will be appreciated.

  • 05-08-2009, 4:35 PM In reply to

    • anilr
    • Top 10 Contributor
    • Joined on 05-23-2006, 10:13 PM
    • Redmond, WA
    • Posts 2,343

    Re: ARR with SSL Mutual Authentication

    There is no way in the https protocol to have a proxy "delegate" the client certificate to the backend web-server.  However, if you install the ARR Helper module on the backend web-server, it can use the information about the client-certificate that ARR transmits as headers (assuming you first require client-certificate on the ARR machine) to create the data structures needed to make IIS on the backend server think that it actually received a client-certificate.  Note that the backend web-server is not receiving a real client certificate in this case, so all operations with the client certificate will not work.

    Anil Ruia
    Senior Software Design Engineer
    IIS Core Server
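
The reply above says the backend sees only header data about the certificate, not a TLS client certificate. The following is an added example, not part of the original thread and not ARR or ARR Helper code: a backend-side check that accepts such a header only from the front end and pins it to an allow-list. It assumes the certificate arrives base64-encoded in an `X-ARR-ClientCert` header; the proxy address, sample bytes and function names are hypothetical.

```python
import base64
import binascii
import hashlib
import ipaddress

CERT_HEADER = "x-arr-clientcert"  # assumed header name, compared in lower case
TRUSTED_PROXIES = {ipaddress.ip_address("10.0.0.5")}  # assumed ARR front-end address


def fingerprint(der: bytes) -> str:
    """SHA-256 fingerprint of the DER bytes, used here as the pinning key."""
    return hashlib.sha256(der).hexdigest()


def forwarded_cert_fingerprint(peer_ip, headers, allowed):
    """Return the forwarded certificate's fingerprint, or raise PermissionError.

    headers is a list of (name, value) pairs so duplicate headers stay visible.
    """
    # Anyone who can reach the backend directly can set this header, so it
    # only means something when the TCP peer is the ARR server itself.
    if ipaddress.ip_address(peer_ip) not in TRUSTED_PROXIES:
        raise PermissionError("certificate header from untrusted peer")
    values = [v for k, v in headers if k.lower() == CERT_HEADER]
    if len(values) != 1:
        raise PermissionError("expected exactly one certificate header")
    try:
        der = base64.b64decode(values[0].strip(), validate=True)
    except (binascii.Error, ValueError):
        raise PermissionError("certificate header is not valid base64")
    # A DER certificate is an ASN.1 SEQUENCE, so it starts with 0x30.
    if not der.startswith(b"\x30"):
        raise PermissionError("certificate header is not DER")
    fp = fingerprint(der)
    if fp not in allowed:
        raise PermissionError("certificate is not on the allow-list")
    # The handshake that proved key possession ended at ARR; the backend
    # only learns which certificate ARR says it saw.
    return fp


# Constructed sample bytes standing in for a DER certificate (not a real one).
SAMPLE_DER = b"\x30\x82\x00\x20" + b"constructed sample certificate body."
SAMPLE_HEADER = base64.b64encode(SAMPLE_DER).decode()
ALLOWED = {fingerprint(SAMPLE_DER)}
```

The backend should also be unreachable except through the ARR server, since the address check is the only thing separating a forwarded header from a forged one.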
  • 05-08-2009, 6:06 PM In reply to

    Re: ARR with SSL Mutual Authentication

    Thanks for the reply. The ARR is a very nice add-on for IIS. I have gone back to using the Network Load Balancing service which does only the routing of requests to backend servers and works nicely with the certificates but no application level checking. The ARR does excellent Application routing but no HTTPS routing like NLBS. Would like to see something like a merge between NLBS and ARR as they each seem to be missing something that the other has in order to be a very powerful Load Balancing solution.
