none
AS2 certificate installation RRS feed

  • Question

  • Hi all,

    We use BizTalk 2006 R2 to send AS2 messages to our client. Our client has given us 4 files as part of their certificate.

    The 4 files are:
    ClientProd.cer
    ClientProd.p7b
    VeriSign_Intermediate.cer
    VeriSign_Root_CA.cer

    In the certificate console in mmc, I am not sure where(which folders) to install these files? For *.p7b file, do I need convert them to any format? Andy idea please..

    Thanks in advance


    • Edited by AskQues Wednesday, July 25, 2012 4:00 PM
    Wednesday, July 25, 2012 3:43 PM

Answers

  • The following link shows the types of certificates and where they should be installed for BizTalk AS2: http://msdn.microsoft.com/en-us/library/bb728096.aspx

    Because these came from your trading partner, I'm guessing the ClientProd.* certificates should be installed into the Local Computer\Other People store.

    The VeriSign_Intermediate.cer and VeriSign_Root.cer certificates are for the trusted authorities so they should installed into the Local Computer\Intermediate Certificate Authorities and Third-Party Root Certification Authorities store respectively.

    If you double-click on the certificates from explorer the certificate application will open the certificate and provide details about each one.


    David Downing... If this answers your question, please Mark as the Answer. If this post is helpful, please vote as helpful.



    • Edited by David K. Downing Wednesday, July 25, 2012 4:23 PM
    • Marked as answer by AskQues Wednesday, August 8, 2012 11:42 AM
    Wednesday, July 25, 2012 4:13 PM

All replies

  • The following link shows the types of certificates and where they should be installed for BizTalk AS2: http://msdn.microsoft.com/en-us/library/bb728096.aspx

    Because these came from your trading partner, I'm guessing the ClientProd.* certificates should be installed into the Local Computer\Other People store.

    The VeriSign_Intermediate.cer and VeriSign_Root.cer certificates are for the trusted authorities so they should installed into the Local Computer\Intermediate Certificate Authorities and Third-Party Root Certification Authorities store respectively.

    If you double-click on the certificates from explorer the certificate application will open the certificate and provide details about each one.


    David Downing... If this answers your question, please Mark as the Answer. If this post is helpful, please vote as helpful.



    • Edited by David K. Downing Wednesday, July 25, 2012 4:23 PM
    • Marked as answer by AskQues Wednesday, August 8, 2012 11:42 AM
    Wednesday, July 25, 2012 4:13 PM
  • Thank you David. You have been replying some useful post for some of questions.

    And idea about the ClientProd.p7b file ?

    Wednesday, July 25, 2012 6:35 PM
  • When you double-click on it in explorer, what happens?

    You should be able to install these into the Local Computer\Other People certificate store.  See the following for additional information regarding the .p7b files: http://technet.microsoft.com/en-us/library/cc758042(v=ws.10).aspx


    David Downing... If this answers your question, please Mark as the Answer. If this post is helpful, please vote as helpful.


    Wednesday, July 25, 2012 6:52 PM
  • Hi AskQues

    From my own experience you need to do a lot of reading first..

    This will cost you at least between 6 to 12 hours of reading.

    Here is the link

    configuring Certificate


    AKE

    Thursday, July 26, 2012 8:39 AM
  • When I double click the ClientProd.p7b, it opens the certificate panel. And in the certifcate folder, it contains all the other files. So in this case, after installing the other certificates, do I need to install ClientProd.p7b. I hope this would reinstall its conents (other 3 certificates) again.
    Thursday, July 26, 2012 8:55 AM
  • Hi Ask

    There are two things you need to understand First

    1: Identify the private Key.

    2: Identify the  the public key.

    check my print screen, in the section where to Define::

    Dont forget you need also to run a wizard..

    C:\%%\Microsoft BizTalk Server 2006\SDK\Utilities\Certificate Wizard\CertWizard.ext

    If you are not willing to read the docs step by step.. you will get frustrated. (Understanding is better than :trial and error)

    I think that ClientProd.cer = public key and ClientProd.p7b = private Key


    AKE

    Thursday, July 26, 2012 9:39 AM
  • Hi Akaschmid,

    I have read your document. I don't think the document you have shared speaks anything about *.p7b file. Reading the file names and types I could guess which folders these files should go, but I want to confirm it with other experts. But I am not sure about the ClientProd.p7b file. I can't find any useful reference which explain about *.p7b certificate with BizTalk AS2.

    I don't think ClientProd.p7b is a private key. I believe *.p7b is collection of client certificates in *.p7b format.  And moreover if ClientProd.p7b  is a private key, why do you think client has shared their private key with us?

    Thursday, July 26, 2012 12:07 PM
  • I've never used a .p7b certificate before, but I would try installing them into the Local Computer\Other People certificate store.  You can view the details of the individual certificates as follows.  Note that if you have a private key, it is shown below on the "General" tab.  The usage of the key should also be listed on the "General" tab as well as the "Details" tab.  If the installed certificates thumbprint and validation timestamps match the certificates opeded by double-clicking, you shouldn't need to reinstall them... it shouldn't hurt if you do.  The key is where they are installed.  From the certificate mmc snapins once they are installed, you can either drag and drop to the correct location or copy/paste or cut/paste.


    David Downing... If this answers your question, please Mark as the Answer. If this post is helpful, please vote as helpful.



    Thursday, July 26, 2012 1:30 PM