AAM and SSL over the same Web Application
07-12-2019
Question
Scenario: One web application on port 8080, extended to the Extranet zone for the purpose of activating the SSL layer on port 8180. The default zone is for anonymous access and, once the user logs in, it changes to the HTTPS side. This is working fine, because the user is logging in inside the HTTPS zone. Between the Internet and the server there is a "black box" (a.k.a. port redirector, reverse proxy or something, sorry but I don't really know) that redirects calls from http://user_friendly_url to http://server_ip:8080, and https://user_friendly_url redirects to https://server_ip:8180.
Internet side                   Internal side
http://user_friendly_url   -->  http://server_ip:8080   (Zone: Default)
https://user_friendly_url  -->  https://server_ip:8180  (Zone: Extranet)
I put these names in the "Alternate Access Mappings" section:
Internal URL                     Zone       Public URL for Zone
http://server_name:8080          Default    http://user_friendly_url:8080
http://user_friendly_url:8080    Default    http://user_friendly_url:8080
https://server_name:8180         Extranet   https://user_friendly_url:8180
https://user_friendly_url:8180   Extranet   https://user_friendly_url:8180
Problem: The http part is working perfectly, I can connect to the whole site and the port translation works well. But when I try the secured site the navigator keeps connecting with no response.
I tried different names in the AAM section, with the same result (or worse). I looked for the same situation on the Internet but I couldn't find anything that works for me. I used Fiddler to log the traffic:
CONNECT user_friendly_url:443 HTTP/1.1
...
HTTP/1.1 200 Connection Established
...
GET https://user_friendly_url/initial_page.aspx HTTP/1.1
...
HTTP/1.1 500 Error
Content-Type: text/html
X-Backside-Transport: FAIL FAIL
Connection: close
Any help will be greatly appreciated.
Thanks in advance...
Solution
Well, at last I found out what is happening. What I didn't know is that this Datapower was terminating SSL requests and forwarding in HTTP.
The idea found here.
Off-box termination of SSL is when a proxy server terminates an SSL request and then forwards the request to a Web server by using HTTP.
I asked the colleague who manages the Datapower and he told me not to activate the SSL layer on port 8180.
Thanks for your answers and sorry for this lack of research.
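Added example, not part of the original answer: one way to express off-box SSL termination in Alternate Access Mappings from the SharePoint Management Shell. It assumes SharePoint 2010 or later, that the Extranet zone on port 8180 now serves plain HTTP as the answer describes, and that the proxy forwards to the server_ip URLs without preserving the public host name; every URL is a placeholder taken from the question.

```powershell
# Added example (assumptions: SharePoint 2010+, placeholder URLs from the question).
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

$webApp = Get-SPWebApplication 'http://server_name:8080'

# Public URLs: what the browser sees and what SharePoint writes into links.
# The proxy terminates SSL, so the Extranet public URL stays https even
# though the IIS site behind it listens for plain HTTP.
New-SPAlternateURL -WebApplication $webApp -Zone Default  -Url 'http://user_friendly_url'
New-SPAlternateURL -WebApplication $webApp -Zone Extranet -Url 'https://user_friendly_url'

# Internal URLs: what the proxy actually sends to the server.
# Note the http scheme on 8180: the request arrives unencrypted.
New-SPAlternateURL -WebApplication $webApp -Zone Default  -Url 'http://server_ip:8080' -Internal
New-SPAlternateURL -WebApplication $webApp -Zone Extranet -Url 'http://server_ip:8180' -Internal

# Review the result: each incoming (internal) URL should map to the
# public URL of its own zone, and no row should pair an https internal
# URL with a port the proxy reaches over plain HTTP.
Get-SPAlternateURL -WebApplication $webApp
```

With this layout the hop between the proxy and the server carries credentials and session cookies in clear text, so it belongs on a network segment that only the proxy can reach.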
Other tips
Your Fiddler session shows a connect on port 443, which is the default port for SSL, yet I do not see 443 configured in SharePoint. It is also worth following up on why you are supposedly going to port 8180 in the URL but connecting to 443. This almost sounds like something is not configured right in the "black box" or that you are somehow bypassing it entirely.
One more thing, is the SSL Cert itself hosted in IIS or on the black box?