I have configured a IIS 7 Proxy using ARR under Windows 2008 R2. My goal is to let the IIS proxy provide a client certificate when performing a WebService call. See "diagram" below.
- Server A -(SOAP call over https)-> IIS Proxy -(SOAP call over https)-> Server B (External WS)
- Server B -(Client certificate request)-> IIS Proxy (Provides public part of PKCS12 cert)
- IIS Proxy -(Sends certificate and completes TLS handshake)-> Server B
- Server A -(Sends SOAP message)-> IIS Proxy -(SOAP message)-> Server B
- Server B -(response)-> IIS Proxy -(response)-> Server A
I get as far as step 1, then I receive error "HTTP Error 502.3 - Bad Gateway" (0x80072f0c) Err.exe reports 0x80072f0c as error "ERROR_INTERNET_CLIENT_AUTH_CERT_NEEDED".
I have imported the PKCS12 certificate to IIS. I have imported the PKCS12 certifier to "Intermediate Certification Authorities" and "Trusted Root Certification Authorities" for PKCS12 certificate using mmc.
What am I missing here?
