HTTP(S) Adapter and Certificates
-
Monday, February 04, 2008 3:02 PM
Our customer has an HTTPS site to which we should send messages using the HTTP adapter.
The SSL port is not standard and the certificate is self created.
I have added the certificate to the personal store of the service account but I still receive:
The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.
If the adapter is run using my own account, which has administrative rights, the connection works.
What could be the issue?
Regards,
Antti
All Replies
-
Monday, February 11, 2008 10:12 PM
Do you mean that when the bts service account is an admin account, the scenario works, and if it's a non-admin account, it doesn't?
Thanks,
Hanu
-
Tuesday, February 12, 2008 8:23 AM
Hi,
We did get this to work with the service account. The certificate was added to different credential stores and the HTTP host instance was restarted. Unfortunately I do not know which store is actually needed. Machine Account / Service Account?
I could not find a good explanation of what certificate store is used with SSL, nor what has to be done to make the change effective.
-
Saturday, April 26, 2008 3:47 PM
The safe bet is the Machine->Personal store.
SSL sometimes fails when client certs are asked for as well, and possibly when the certs are issued in-house, which means that CA certs need to be deployed within the appropriate Cert Store->Trusted Certificate Authorities.
The 'Service Account' store is just like a personal user store for the Service.
When applications are using Certificates, they'll issue one of two commands - 'EnumerateCerts' and 'GetCert' etc.etc.
The underlying Crypto API basically accepts a parameter to these methods, USER or MACHINE store - indicating the appropriate store.
So in general - with BizTalk, go with the Machine Account.
Cheers,
-
Sunday, May 04, 2008 11:07 AM
Hi
These are the steps to send messages to an HTTPS URL using the HTTP adapter:
1 – Log in to the server using the same credentials that run the BizTalk Server services
2 – Add your certificate to the Personal store in the “Current User Certificate Store”
- Be sure your certificate has no warning, and has a trusted root path.
- And your client is successfully deploying your certificate
3 - Get the Issued To name for your client certificate
4 - Add the Issued To name to your HOSTS file “C:\WINDOWS\system32\drivers\etc\hosts” so you can use the Issued To name instead of the IP.
You should be able to browse your client URL now with no warning using this template (the browser will ask you to provide your certificate; this is normal)
5 – Create the HTTP Send Port
- In the Authentication tab, enter your certificate thumbprint in “SSL Client Certificate Thumbprint”
- Use https://IssuedToName/URL as the URL for your send port
These are the steps to do this procedure.
“If it is not working, try to add your certificate to the Personal store under Local Computer”
Enjoy ...
-
Wednesday, December 16, 2009 10:56 AM
Amjad..
Is step 4 necessary?
I'm using a combination of IP and port: https://<ipadress>:<port>/URL
Anyhow, I followed your steps but I am still getting this error:
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Event Type: Warning
Event Source: BizTalk Server 2009
Event Category: BizTalk Server 2009
Event ID: 5743
Date: 12/16/2009
Time: 8:15:06 AM
User: N/A
Computer: MYSERVER
Description:
The adapter failed to transmit message going to send port "BillUpload_1.0.0.0_BillUpload.UploadFill_Bill_905d1e74cbbdd9cd" with URL https://<ipadress>:<port>/URL. It will be retransmitted after the retry interval specified for this Send Port. Details:"The request was aborted: Could not create SSL/TLS secure channel."
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Any idea ???? .... Please help
-
Tuesday, December 22, 2009 11:49 AM
I guess there is no answer to my problem ..
-
Monday, January 25, 2010 10:13 AM
Step 4 in Amjad's answer solved my issues.
It seems that BizTalk does not handle the IP address; it should be a host. So adding the Issued To name to my HOSTS file and using https://<hostname>:<port>/URL instead of https://<ipadress>:<port>/URL solved this issue.
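The thread leaves three things for the reader to verify by hand: which store (CurrentUser or LocalMachine) actually holds the client certificate for the account the host instance runs under, whether the self-created certificate's chain validates for that account, and whether the host name in the send port URL matches the name the certificate was issued to (the reason the IP-address URL failed in the last reply). The PowerShell script below is an added diagnostic, not code from the thread or from BizTalk, that checks all three and then reports what the server presents during the TLS handshake. Run it as the BizTalk service account so the CurrentUser store it inspects is the one the host instance sees. The `-Thumbprint` and `-Url` parameters are assumptions matching the send port settings described above; the example URL in the comments is hypothetical.

```powershell
# Added diagnostic (not from the thread): where does the client cert live, does its
# chain build for this account, does the URL host match it, and what does the
# server's own certificate look like during the handshake?
param(
    [Parameter(Mandatory = $true)][string]$Thumbprint,  # value typed into "SSL Client Certificate Thumbprint"
    [Parameter(Mandatory = $true)][string]$Url          # e.g. https://IssuedToName:8443/URL (hypothetical)
)

$Thumbprint = ($Thumbprint -replace '\s', '').ToUpperInvariant()
$uri = [System.Uri]$Url
$hostName = $uri.Host

# 1. Which store holds the certificate? Run this as the service account, because
#    Cert:\CurrentUser is per account and the host instance only sees its own.
$found = @()
foreach ($path in 'Cert:\CurrentUser\My', 'Cert:\LocalMachine\My') {
    $c = Get-ChildItem -Path $path | Where-Object { $_.Thumbprint -eq $Thumbprint }
    if ($c) { $found += [pscustomobject]@{ Store = $path; Cert = $c } }
}
if (-not $found) {
    Write-Warning "Thumbprint $Thumbprint not found in CurrentUser\My or LocalMachine\My for $env:USERNAME"
    return
}
$found | ForEach-Object { "Found in $($_.Store): $($_.Cert.Subject)" }
$cert = $found[0].Cert

# 2. Does the chain build? A self-created certificate only passes if its root sits in
#    Trusted Root Certification Authorities for this account or for the machine.
$chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
$chain.ChainPolicy.RevocationMode = [System.Security.Cryptography.X509Certificates.X509RevocationMode]::NoCheck
if ($chain.Build($cert)) {
    "Client cert chain OK: " + (($chain.ChainElements | ForEach-Object { $_.Certificate.Subject }) -join ' <- ')
} else {
    Write-Warning ("Client cert chain failed: " +
        (($chain.ChainStatus | ForEach-Object { $_.StatusInformation.Trim() }) -join '; '))
}

# 3. Does the URL host match the certificate? An IP address in the URL never matches a
#    certificate issued to a DNS name, which is what the last reply ran into.
$names = @($cert.GetNameInfo([System.Security.Cryptography.X509Certificates.X509NameType]::DnsName, $false))
$san = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }   # Subject Alternative Name
if ($san) { $names += ($san.Format($false) -split ',\s*' | ForEach-Object { ($_ -split '=')[-1].Trim() }) }
$names = $names | Where-Object { $_ } | Select-Object -Unique
if ($names -contains $hostName) {
    "Host '$hostName' matches client certificate name(s): $($names -join ', ')"
} else {
    Write-Warning "Host '$hostName' does not match client certificate name(s): $($names -join ', '). Use the Issued To name in the URL (add a hosts entry if it does not resolve)."
}

# 4. What does the server present? The callback records the validation errors the
#    adapter would see ("Could not establish trust relationship") instead of hiding them.
$handshake = @{ Errors = $null; ServerSubject = $null }
$callback = [System.Net.Security.RemoteCertificateValidationCallback]{
    param($sender, $certificate, $chain, $errors)
    $handshake.Errors = $errors
    $handshake.ServerSubject = $certificate.Subject
    return $true   # accept only so we can report; do not do this in production code
}
$tcp = $null; $ssl = $null
try {
    $tcp = New-Object System.Net.Sockets.TcpClient($hostName, $uri.Port)
    $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false, $callback)
    $ssl.AuthenticateAsClient($hostName)
    "Server presented: $($handshake.ServerSubject); validation result: $($handshake.Errors)"
    if ($handshake.Errors -ne [System.Net.Security.SslPolicyErrors]::None) {
        Write-Warning "The adapter would reject this server certificate. RemoteCertificateChainErrors means the server's root is not trusted for this account; RemoteCertificateNameMismatch means the URL host does not match the server certificate."
    }
} catch {
    Write-Warning "Handshake with ${hostName}:$($uri.Port) failed: $($_.Exception.Message)"
} finally {
    if ($ssl) { $ssl.Dispose() }
    if ($tcp) { $tcp.Close() }
}
```

The callback returns `$true` purely so the script can print the `SslPolicyErrors` value; the HTTP adapter itself has no such override, so any non-`None` result here is the condition to fix by importing the server's root into Trusted Root Certification Authorities for the service account (or LocalMachine) and by using the certificate's Issued To name as the URL host, exactly as the replies above conclude.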

