In the previous post I explained hot how install SSL certificates in BizTalk to make a secure connection to a third party (web) service. In this article I will explain how you can configure the WCF Adapter to use these installed certificates to encrypt the message that is send to the service.

 

This series contain the following posts:
  1. Certificates in BizTalk 2013 Part 1: How To Install SSL Certificates in the Certificate store (this post).
  2. Certificates in BizTalk 2013 Part 2: How To Configure the BizTalk WCF Adapter to use the SSL Certificates.

SSL Certificates

SSL certificates contain a private (.pfx) and a public key (.cer) which will need to be installed in the appropriate certification stores. (For more information on SSL Certificates you can read the following article: http://www.tldp.org/HOWTO/SSL-Certificates-HOWTO/x64.html.)
For test scenarios you can create your own certificate using the Makecert.exetool which is part of the .Net Framework. (For production environments SSL certificates need to be purchased from a Certificate Authority (CA).
But in the case of using SSL certificates in a BizTalk application, the certificates are probibly provided by the third party to which the application connects to. In that case you can skip the next part and go to the part where the certificates are installed in the appropriate stores.

Creating SSL Certificates

I’ve made some minor changes to the input paramaters for the Makecert tool. My cmd file consists of the following parameters:
 makecert.exe -n "CN=SjoukjeZaal" -r -pe -a sha512 -len 4096 -cy authority -sv SjoukjeZaal.pvk SjoukjeZaal.cer pvk2pfx.exe -pvk SjoukjeZaal.pvk -spc SjoukjeZaal.cer -pfx SjoukjeZaal.pfx -po Test123  

After following the steps from the article the below certificates are created:

  • sjoukjezaal.cer: Root certificate
  • sjoukjezaal.pfx: Client certificate with private key. (the password for this file is “Test123″).

Installing the certificates in the appropriate certificate stores

Next is installing the certificates.
  • Click Start, click Run and select mmc.exe to open the Microsoft Management Console.
  • Click the File Menu and select Add/Remove Snap-in.
  • Select Certificates and click the Add button.
  • Now you have to make a selection in which store you want to install the certificates.
The below table shows in which store to install the SSL certificates so BizTalk can use it to encrypt the messages:
 The In-Process Host account described in the table below can be obtained by opening the BizTalk Administration Console -> Host Instances and then check under which account the Host-Instance is running. For installing the certificate, log on to the server with the BizTalk Service account, open MMC and choose My User Account.
Certificate Store
sjoukjezaal.cer
  • Trusted Root CA (Local machine)
  • Trusted People (Local machine)
  • Other People (Local machine)
  • Trusted Publisher (BizTalk Service Account – In-Process Host account)
sjoukjezaal.pfx
  • Personal (local machine)
  • Personal (Logged in user)
  • Personal (BizTalk Service Account – In-Process Host account).

 

Summary

In this article I explained how to install SSL certificates which can be used in your BizTalk Application to make a secure call to a third party (web) service. In the second part of this series I will explain how you can configure the BizTalk Send Port to use the certificates to create a secured channel using the WCF Adapter.

There are currently no comments.