Question

Scenario: One web application on port 8080, extended to the Extranet zone in order to activate the SSL layer on port 8180. The default zone is for anonymous access and, once the user logs in, it changes to the HTTPS side. This is working fine, because the user is logging in inside the HTTPS zone. Between the Internet and the server there is a "black box" (a.k.a. port redirector, reverse proxy or something, sorry but I don't really know) that redirects calls from http://user_friendly_url to http://server_ip:8080 and from https://user_friendly_url to https://server_ip:8180.

    Internet side                          Internal side
    http://user_friendly_url      -->      http://server_ip:8080 (Zone: Default)
    https://user_friendly_url     -->      https://server_ip:8180 (Zone: Extranet)

I put these names in the "Alternate Access Mappings" section:

    Internal URL                     Zone        Public URL for Zone
    http://server_name:8080          Default     http://user_friendly_url:8080
    http://user_friendly_url:8080    Default     http://user_friendly_url:8080
    https://server_name:8180         Extranet    https://user_friendly_url:8180
    https://user_friendly_url:8180   Extranet    https://user_friendly_url:8180

Problem: The http part is working perfectly, I can connect to the whole site and the port translation works well. But when I try the secured site the navigator keeps connecting with no response.

I tried different names in the AAM section, with the same result (or worse). I looked for the same situation on the internet but I couldn't find anything that works for me. I used Fiddler to log the traffic:

    CONNECT user_friendly_url:443 HTTP/1.1
    ...

    HTTP/1.1 200 Connection Established
    ...

    GET https://user_friendly_url/initial_page.aspx HTTP/1.1
    ...

    HTTP/1.1 500 Error
    Content-Type: text/html
    X-Backside-Transport: FAIL FAIL
    Connection: close

Any help will be greatly appreciated.

Thanks in advance...

Solution

Well, at last I found out what is happening. What I didn't know is that this Datapower was terminating SSL requests and forwarding in HTTP.

The idea was found here.

Off-box termination of SSL is when a proxy server terminates an SSL request and then forwards the request to a Web server by using HTTP.

I asked the colleague who manages the Datapower and he told me not to activate the SSL layer on port 8180.

Thanks for your answers and sorry for this lack of research.
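
The mismatch described in this answer can be checked directly from the proxy's side of the network. The following is an added example, not part of the original posts: it reports whether a backend port completes a TLS handshake or answers plaintext HTTP, which has to match the protocol the SSL-terminating proxy forwards. The names `probe_listener` and `demo` are hypothetical, and the local listener is constructed for the demo.

```python
import socket
import ssl
import threading
from http.server import BaseHTTPRequestHandler, ThreadingHTTPServer


def probe_listener(host, port, timeout=2.0):
    """Classify host:port as 'tls', 'plain-http', 'unknown' or 'unreachable'."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False       # diagnostic only: we ask which protocol
    ctx.verify_mode = ssl.CERT_NONE  # the port speaks, not whether to trust it
    try:
        raw = socket.create_connection((host, port), timeout=timeout)
    except OSError:
        return "unreachable"
    try:
        with ctx.wrap_socket(raw, server_hostname=host):
            return "tls"             # handshake completed: port expects TLS
    except OSError:                  # includes ssl.SSLError, resets, timeouts
        pass
    finally:
        raw.close()
    # No TLS handshake: check whether the same port answers plaintext HTTP.
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.sendall(b"HEAD / HTTP/1.0\r\nHost: " + host.encode() + b"\r\n\r\n")
            first = s.recv(16)
    except OSError:
        return "unknown"
    return "plain-http" if first.startswith(b"HTTP/") else "unknown"


def demo():
    """Probe a constructed local plaintext HTTP listener (stand-in backend)."""
    class Quiet(BaseHTTPRequestHandler):  # any reply starting "HTTP/" will do
        def log_message(self, *args):     # silence per-request logging
            pass
    server = ThreadingHTTPServer(("127.0.0.1", 0), Quiet)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    try:
        return probe_listener("127.0.0.1", server.server_address[1], timeout=1.0)
    finally:
        server.shutdown()


if __name__ == "__main__":
    print(demo())
```

A result of `tls` on a port that the proxy reaches over HTTP (or `plain-http` on one it reaches over HTTPS) is the kind of mismatch that the proxy reports as a backside failure.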

OTHER TIPS

Your Fiddler session shows a connect on port 443, which is the default port for SSL, yet I do not see 443 configured in SharePoint. It is also worth following up on why you are supposedly going to port 8180 in the URL but connecting to 443. This almost sounds like something is not configured right in the "black box" or that you are somehow bypassing it entirely.

One more thing, is the SSL Cert itself hosted in IIS or on the black box?

Licensed under: CC-BY-SA with attribution