
I have a web application hosted by IIS8. Within the local network, both http://subdomain.domain.com/myapp/Pages/Login.aspx and https://subdomain.domain.com/myapp/Pages/Login.aspx work fine, and the SSL certificate is displayed correctly with https. However, outside the local network, only http works. The https connection gets a "400 Bad Request" error. The SSL certificate is a wildcard certificate issued by Sectigo RSA Domain Validation Secure Server CA.

I've done the following:

  1. Created an A record for subdomain.domain.com, with IP address pointing to the IIS server.
  2. Forwarded port 443 to the IIS server in router.
  3. Allowed port 443 inbound traffic in Windows Firewall.
  4. Restarted IIS server.

What else do I need to do? Thanks a lot!

Paul
  • There are many reasons for this error; you need detailed error messages to troubleshoot the issue. Try using [failed request tracing](https://learn.microsoft.com/en-us/iis/extensions/url-rewrite-module/using-failed-request-tracing-to-trace-rewrite-rules) to see details about the 400 error. – samwu Apr 07 '23 at 03:50
  • If you get an HTTP 400 then your certificate is not the problem, because with an HTTPS problem you won't get an HTTP status code. Are you sure you are directly connecting to the IIS server from outside? Maybe there is some interception system or offloading system that terminates the HTTPS connection before it reaches the IIS. – Robert Apr 07 '23 at 13:18
  • Thanks, samwu! I enabled failed request tracing, but getting no error log. Seems like what Robert said, the https connection did not reach the IIS. – Paul Apr 07 '23 at 21:08
  • Hi, Robert, what are some examples of interception system or offloading system you mentioned? Where can I check? Thanks! – Paul Apr 07 '23 at 21:10
  • This link about [Troubleshooting HTTP 400 Errors in IIS](https://learn.microsoft.com/en-us/iis/troubleshoot/diagnosing-http-errors/troubleshooting-http-400-errors-in-iis) may help you. – samwu Apr 11 '23 at 09:57
  • Solved. It turned out that AT&T was using port 443 for remote access to the router. Disabling that fixed the problem. That was a real dumb practice for AT&T. – Paul Apr 24 '23 at 17:15
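
The check suggested in the comments (is IIS really the endpoint answering on 443 from outside?) can be scripted. The following is an added example, not code from the thread: run `probe()` from a machine outside the network, then compare the certificate issuer, SAN coverage and `Server` header with what IIS should present. The function names, and the assumption that the site has not removed the default `Microsoft-IIS/...` or `Microsoft-HTTPAPI/...` `Server` header, are the example's own.

```python
import socket
import ssl

def wildcard_match(pattern, host):
    """Match one SAN entry against a host; '*' covers exactly one left-most label."""
    p, h = pattern.lower().split("."), host.lower().split(".")
    return len(p) == len(h) and all(a == b or (i == 0 and a == "*")
                                    for i, (a, b) in enumerate(zip(p, h)))

def probe(host, port=443, timeout=5.0):
    """Handshake with normal verification, then read the status line and Server header."""
    obs = {"verify_error": None, "issuer_cn": None, "sans": [], "status": None, "server": None}
    ctx = ssl.create_default_context()
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw, \
             ctx.wrap_socket(raw, server_hostname=host) as tls:
            cert = tls.getpeercert()
            obs["issuer_cn"] = next((v for rdn in cert.get("issuer", ()) for k, v in rdn
                                     if k == "commonName"), None)
            obs["sans"] = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
            tls.sendall(f"HEAD / HTTP/1.1\r\nHost: {host}\r\nConnection: close\r\n\r\n".encode())
            head = tls.recv(4096).decode("latin-1").split("\r\n")
            obs["status"] = head[0]
            obs["server"] = next((l.split(":", 1)[1].strip() for l in head[1:]
                                  if l.lower().startswith("server:")), None)
    except ssl.SSLCertVerificationError as exc:
        # An untrusted or mismatched certificate is itself evidence of another endpoint.
        obs["verify_error"] = exc.verify_message
    return obs

def assess(obs, host, expected_issuer_cn):
    """Return reasons to believe something other than the intended server answered."""
    findings = []
    if obs["verify_error"]:
        findings.append(f"certificate failed verification: {obs['verify_error']}")
    else:
        if obs["issuer_cn"] != expected_issuer_cn:
            findings.append(f"unexpected issuer: {obs['issuer_cn']}")
        if not any(wildcard_match(s, host) for s in obs["sans"]):
            findings.append(f"no SAN covers {host}")
    server = obs["server"] or ""
    if obs["status"] and not server.startswith(("Microsoft-IIS", "Microsoft-HTTPAPI")):
        findings.append(f"Server header is not IIS/HTTP.sys: {server or 'absent'}")
    return findings
```

An empty list from `assess(probe("subdomain.domain.com"), "subdomain.domain.com", "Sectigo RSA Domain Validation Secure Server CA")` means the outside view matches the IIS site; any finding points at a device in front of it, such as a router's own management interface.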
