
I have recently set up a new testing environment consisting of a load balancer routing HTTPS traffic to a single IIS 8 webserver (more will be added once I work through this issue). The IIS 8 webserver talks to a remote SQL server via an unencrypted connection with credentials specified in the IIS web.config file.

Everything works great when I connect to the web application via the load balancer and the correct domain name / URL. However, if I attempt to skip the load balancer and access the IIS 8 webserver directly (via IP address), I can see my web app try to load, but it fails to connect to the remote SQL Server and I cannot log in. This issue does not occur if I disable HTTPS support on the IIS 8 server.

My thought on this is that somehow the IIS 8 webserver is causing some sort of connectivity issue to the remote SQL Server because IIS sees that the SSL cert does not match the URL (since I am using the IP address instead of the actual domain name). Could this be the issue and if so is there anything that I can do about it?

husterk

1 Answer

Server because IIS sees that the SSL cert does not match the URL (since I am using the IP address instead of the actual domain name). Could this be the issue ...

This is probably the issue, because for a proper validation of the certificate it will check that the name in the certificate matches the name given to connect. If it did not do the check, anybody with some certificate issued to their own site could impersonate your server, which is probably not what you want.

...and if so is there anything that I can do about it?

You must make sure that the name you use to connect matches the certificate. That is, either the certificate needs to be changed so that it includes the IP address, or you must use the hostname as seen in the certificate to connect to the server and not the IP address. Since the hostname probably refers to the load balancer, you might change the hosts file on your client system (the one which connects to the SQL server) so it resolves the hostname to the IP of the server itself and not the load balancer.

Steffen Ullrich
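
Added example, not part of the answer above or of any product's code: a simplified Python sketch of the name check a TLS client applies to a server certificate, showing why the same certificate is accepted by hostname and rejected by IP address. The names `app.example.test` and `192.0.2.10` and the function `name_matches` are constructed for illustration; real clients apply further rules.

```python
import ipaddress

def name_matches(reference, san_dns=(), san_ip=()):
    """Return True if the name the client used to connect is covered by
    the certificate's subjectAltName entries (simplified matching)."""
    try:
        ip = ipaddress.ip_address(reference)
    except ValueError:
        ip = None

    if ip is not None:
        # An IP literal is compared only with iPAddress entries.
        # DNS names in the certificate never satisfy it, even if they
        # happen to resolve to that address.
        return any(ip == ipaddress.ip_address(entry) for entry in san_ip)

    host = reference.rstrip(".").lower()
    for pattern in san_dns:
        pattern = pattern.rstrip(".").lower()
        if pattern == host:
            return True
        # A wildcard is honoured only as the whole left-most label and
        # stands for exactly one label.
        if pattern.startswith("*."):
            head, _, rest = host.partition(".")
            if head and rest == pattern[2:]:
                return True
    return False

# Constructed sample data: the certificate names only the public hostname.
CERT_DNS = ["app.example.test"]
SERVER_IP = "192.0.2.10"

if __name__ == "__main__":
    # Through the load balancer, or via a hosts-file entry pointing the
    # hostname at the server: the name used is still the hostname.
    print("by hostname:", name_matches("app.example.test", CERT_DNS))
    # Directly by IP address: no iPAddress entry, so validation fails.
    print("by IP:", name_matches(SERVER_IP, CERT_DNS))
    # Same certificate reissued with the IP address included.
    print("by IP, IP in cert:", name_matches(SERVER_IP, CERT_DNS, [SERVER_IP]))
```

The hosts-file approach works because the check is made against the name the client asked for, not the address it resolved to.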