IIS7 Application Request Routing HTTPS

Question

I have a reverse proxy that routes traffic to my app server..

I have login feature on my public website that is served through HTTPS. The SSL certificates are instal

Answer 1

Some applications are programmed to detect whether or not you are using HTTPS and since the actual web server is handling an HTTP request with your offloading enabled, it will think the request is not secure and often end up in a redirect loop.

You can fix this by setting up a single wildcard certificate on each content server and disable ssl offloading.

[ARR01 - ssl certificate] - [ARR02 - ssl certificate] <-- Visitors will see this SSL Certificate in their browser
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
[Content01 - wildcard ssl certificate] - [Content02 - wildcard ssl certificate] <-- This certificate remains hidden and thus can be a shared single wildcard cert.