I am trying to set up an IIS 10 (Windows 2019) to tunnel HTTPS traffic to a REST API of an application server at our customer location.
Tunnelling HTTP traffic was no problem and works like it should via the rule in web.config:
<rule name="ReverseProxyInboundRule1" enabled="true" stopProcessing="true">
    <match url="(.*)" />
    <conditions logicalGrouping="MatchAll" trackAllCaptures="false" />
    <action type="Rewrite"
            url="https://10.10.105.194/{R:1}"
            appendQueryString="false" logRewrittenUrl="true" />
</rule>
The proxy uses a certificate from our internal CA; HTTPS access via Internet Explorer and Chrome works without any warnings, as the root CA certificate and certificate have been imported into the certificate store.
Another certificate issued by the same CA has been set up on the application server; the certificate and root CA certificate have been added to the certificate store of the proxy server, and the proxy server is able to access the REST API via IE and Chrome without a certificate warning over HTTPS.
When accessing the REST API via proxy, the proxy will return:
HTTP Error 502.3 - Bad Gateway
A security error occurred
Traffic caught via Wireshark looks good; the proxy and application server seem to me to do a proper handshake.
I checked that the request is valid and returns JSON; I even hardcoded the Rewrite URL to make sure it's not related to parameters.
Any pointers on where I could find more information about the underlying cause?