1 Answer
As it turns out, we discovered that our requests were timing out because IIS doesn't support proxy protocol. That's okay, because 2-way SSL doesn't utilize x-forwarded-for headers.
We got it to work as follows:
- Configure the ELB to pass-through SSL to the server (Protocol = TCP, Port = 443).
- Ensure proxy mode is disabled on the ELB (this is the default setting).
- Configure the IIS site to accept client-side SSL certificates, using these instructions.
- Client-Side app adds the client-cert to each REST request.
- Server-Side app's request handler inspects requests for matching client-cert thumbprint.
answered 7 years ago
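The thumbprint check in the last step, sketched as an added example that is not part of the original answer: it computes the Windows-style thumbprint (SHA-1 over the certificate's DER bytes) and matches it against an allowlist. The function names and the sample bytes are assumptions constructed for illustration.

```python
import hashlib
import hmac
import re
from typing import Iterable, Optional

# Constructed stand-in for a client certificate's DER bytes (not a real cert).
SAMPLE_DER = b"constructed-der-bytes-for-illustration"


def thumbprint(der: bytes) -> str:
    """Windows-style thumbprint: uppercase hex SHA-1 over the DER encoding."""
    return hashlib.sha1(der).hexdigest().upper()


def normalize(configured: str) -> str:
    """Canonicalize a thumbprint pasted into configuration.

    Drops spaces, colons and invisible characters (such as U+200E, which can
    ride along when copying from a certificate dialog), then checks length.
    """
    cleaned = re.sub(r"[^0-9A-Fa-f]", "", configured).upper()
    if len(cleaned) != 40:
        raise ValueError("thumbprint must contain exactly 40 hex digits")
    return cleaned


def is_allowed(der: Optional[bytes], allowlist: Iterable[str]) -> bool:
    """Return True only if a certificate was presented and it is allowlisted."""
    if not der:
        return False  # no client certificate on the request: reject
    presented = thumbprint(der)
    allowed = False
    for entry in allowlist:
        # compare_digest avoids leaking the match position through timing
        if hmac.compare_digest(presented, normalize(entry)):
            allowed = True
    return allowed


if __name__ == "__main__":
    tp = thumbprint(SAMPLE_DER)
    pasted = "\u200e" + " ".join(tp[i:i + 2].lower() for i in range(0, 40, 2))
    print(is_allowed(SAMPLE_DER, [pasted]))        # allowlisted certificate
    print(is_allowed(b"other-cert", [pasted]))     # different certificate
    print(is_allowed(None, [pasted]))              # no certificate presented
```

The check only identifies which certificate was presented; proof that the client holds the matching private key comes from the TLS handshake that IIS terminates in the pass-through setup above.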