IIS 7 & IIS 8
Application Request Routing (ARR)
HTTP Error 502.3 - Bad Gateway A security error occurred
Last post Jan 19, 2012 09:06 AM by Adrian B.
Mar 28, 2011 03:07 PM|LINK
Im not sure how to actually view the certificate chain
Mar 28, 2011 03:12 PM|LINK
Nov 18, 2011 04:03 PM|LINK
I'm having the exact same issue. As xxyyzz stated, when connecting directly to a backend server it works fine so I doubt it's a bad certificate chain. The issue is only when routing through the ARR server. I've managed to find a forum post with a reasonable
explanation here: http://forums.iis.net/t/1157253.aspx He states that ARR does not forward the client certificate. So, if the backend server requires a client cert the request will fail. He suggested that the ARR server forward
the certificate details in headers and be reconstructed on the backend server, but wouldn't that leave the backend servers vulnerable to spoofing via a direct connection? Maybe if they were behind a firewall to only accept connections from the ARR server...
Maybe one day Microsoft will allow ARR to forward client certificates, otherwise it looks like if you're doing client certificate authorization ARR is not a good fit.
Jan 19, 2012 09:06 AM|LINK