Monday, February 04, 2008 3:02 PM
Our customer has an HTTPS site that we should send messages using the HTTP adapter.
The SSL port is not standard and the certificate is self created.
I have added the certificate to the personal store of the service account but I still receive:
The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.
If the adapter is run using my own account wich has administrative rights the connection works.
What could be the issue?
Monday, February 11, 2008 10:12 PM
Do you mean that when the bts service account is an admin account, the scenario works, if it's a non admin account, it doesnt?
Tuesday, February 12, 2008 8:23 AM
We did get this work with the service account. The certificate was added to different credential stores and the HTTP host instance was restarted. Unfortunately I do not know which store is actually needed. Machine Account / Service Account?
I could not find a good explanation what certificate store is used with ssl nor what has to be done to make change effective.
Saturday, April 26, 2008 3:47 PM
The safe bet is the Machine->Personal store.
SSL sometimes fails when client certs are asked for also and possibly when the certs issues are inhouse. Which means that CA certs needs to be deployed within the appropriate Cert Store->Trusted Certificate Authorities.
The 'Service Account' store is just like a personal user store for the Service.
When applications are using Certificates, they'll issue one of two commands - 'EnumerateCerts' and 'GetCert' etc.etc.
The underlying Crypto API basically accepts a parameter to these methods, USER or MACHINE store - indicating the appropriate store.
So in general - with BizTalk go the Machine Account.
Sunday, May 04, 2008 11:07 AM
those steps to send messages to HTTPS URL using HTTP adapter
1 – Log in the Server using the same credential that run the BizTalk Server services
2 – Add your Certificate to the Personal Store in the “Current User Certificate Store”
- Be sure your certificate has no warning , and has trusted root bath.
- And your client is successfully deploying your certificate
3 - get the Issued To Name for your client certificate
4 - add issued to name to your HOSTS file “C:\WINDOWS\system32\drivers\etc\hosts” so you can use the issued to name instead of IP.
You should be able to browse your client url now with no warning using this template (the browser will ask you to provide your certificate ‘this is normal’)
5 – Create HTTP Send Port
-in the Authentication tab Inter your certificate thump print to “SSL Client Certificate Thump
-Use https://IssuedToName/URL as URL to you Send port
This is the steps to do this procedure
“if it is not working , try to add your certificate to the Personal store under Local Computer ”
Wednesday, December 16, 2009 10:56 AMAmjad..
is step 4 nesseccery
i'm using a companation of ip and port: https://<ipadress>:<port>/URL
anyhow i falowed your steps but i am stell geting this error:
Event Type: Warning
Event Source: BizTalk Server 2009
Event Category: BizTalk Server 2009
Event ID: 5743
Time: 8:15:06 AM
The adapter failed to transmit message going to send port "BillUpload_184.108.40.206_BillUpload.UploadFill_Bill_905d1e74cbbdd9cd" with URL https://<ipadress>:<port>/URL. It will be retransmitted after the retry interval specified for this Send Port. Details:"The request was aborted: Could not create SSL/TLS secure channel."
any idea ???? .... Please help
Tuesday, December 22, 2009 11:49 AM
I guess there is no answer to my problem ..
Monday, January 25, 2010 10:13 AM