View Complete Thread
  • Re: HTTP Error 502.3 - Bad Gateway A security error occurred

    Nov 18, 2011 12:03 PM|Vimm|LINK

    I'm having the exact same issue.  As xxyyzz stated, when connecting directly to a backend server it works fine so I doubt it's a bad certificate chain.  The issue is only when routing through the ARR server.  I've managed to find a forum post with a reasonable explanation here: http://forums.iis.net/t/1157253.aspx  He states that ARR does not forward the client certificate.  So, if the backend server requires a client cert the request will fail.  He suggested that the ARR server forward the certificate details in headers and be reconstructed on the backend server, but wouldn't that leave the backend servers vulnerable to spoofing via a direct connection?  Maybe if they were behind a firewall to only accept connections from the ARR server...


    Maybe one day Microsoft will allow ARR to forward client certificates, otherwise it looks like if you're doing client certificate authorization ARR is not a good fit.