IP-based SSL

Discussion in 'General troubleshooting' started by amadorgm, Oct 18, 2014.

  1. Hi, A few days ago I posted a comment on the article https://blog.everleap.com/https-unique-ip-load-balanced-environment/ by Michael Ossou. He kindly replied and invited me to share my experience here at the forum.
    I have been developing a highly complex application during the last 6 months for a client. At the momento it's at about 90%.
    The website runs perfectly on discountasp. We have a site here on everleap where we had been testing as well and it was working fine too (without the SSL certificate). We migrated to everleap and everything worked instantly on the secondary URL, so I proceeded to go ahead, change the DNS and asked to install the SSL certificate. Things went wrong immediately.
    Although the application is big and complex, absolutely nothing has been done regarding authentication. The site uses identity 2.0, set the global filter on startup to register the requirehttpsattribute and the authentication cookie is set to use SSL. That's just out of the box on MVC 5. We are just using the defaults.
    Since we are not yet in production, the HomeController is decorated with an authorize attribute. That's all there is to it and of course, as expected, it runs everywhere except here on Everleap.
    The site falls into an infinite loop going from the home page to the login page and so on.
    I tried to troubleshoot this issue, opened up a support ticket, at least 7 agents replied but nothing could be done and after 24 hours with the site closed my client decided it was time to go back to discountasp
    That's why I got to the interesting article of Mr Ossou. I quoted that info in one of my replies to the ticket.

    I hope one day we are able to return to everleap but going for sni ssl seems too risky for now, not for security but for compatibility
  2. mjp


    There are certainly some issues with SNI SSL that need to be addressed before it can gain wide use (browser compatibility being the one that gets most people). It's really a good and flexible concept, but as you found, it might not be ready for every application yet.

Share This Page