Makecert for BizTalk AS2 connection

  • Question

  • The documentation for BizTalk indicates that a certificate used for AS2 connectivity must have a Key Usage of Digital Signature if it is to be used for signing, and Key Encipherment or Data Encipherment if it is to be used for encryption. Is it possible to generate certificates with these usages from Makecert?
    Wednesday, June 2, 2010 3:00 PM

Answers

  • Hi Nick,

    Makecert does not provide any of these options to be included under KEY USAGE. You need to modify the Certificate Template and to include these attributes to be added.

    Select the Certificate Template ---> Extensions ----> Key Usage --> Edit ---> Select "Allow Key exchange only with Key encryption ...." and allow encryption of user data.

    This will add Key and Data Encipherment.

    Go to the properties of the new template and go to the Security tab. Select the ENROLL for the appropriate user(s). Go to MMC and modify the template to be used.

    Hope this should help you.

    Regards,

     


    Vishnu
    Thursday, June 3, 2010 3:28 PM
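
One way to confirm what a certificate's Key Usage extension actually contains, as an added example that is not part of the thread. `Test-As2KeyUsage` is a hypothetical helper name, the requirement it checks is the one quoted in the question, and the throwaway test certificate is created with `New-SelfSignedCertificate` (a different tool from Makecert) purely as constructed input.

```powershell
# Added example, not from the thread. Checks a certificate's Key Usage extension
# against the AS2 requirement quoted in the question.
function Test-As2KeyUsage {
    param(
        [Parameter(Mandatory = $true)]
        [System.Security.Cryptography.X509Certificates.X509Certificate2] $Certificate,
        [Parameter(Mandatory = $true)]
        [ValidateSet('Signing', 'Encryption')]
        [string] $Purpose
    )
    $flags = [System.Security.Cryptography.X509Certificates.X509KeyUsageFlags]

    # The Key Usage extension (OID 2.5.29.15) may be missing entirely.
    $ext = $Certificate.Extensions |
        Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509KeyUsageExtension] } |
        Select-Object -First 1
    $actual = if ($ext) { $ext.KeyUsages } else { $flags::None }

    # Signing needs Digital Signature; encryption needs Key Encipherment
    # or Data Encipherment (either bit is enough).
    $accepted = if ($Purpose -eq 'Signing') {
        $flags::DigitalSignature
    } else {
        $flags::KeyEncipherment -bor $flags::DataEncipherment
    }

    [pscustomobject]@{
        Subject   = $Certificate.Subject
        Purpose   = $Purpose
        KeyUsage  = $actual
        Compliant = ([int]($actual -band $accepted)) -ne 0
    }
}

# Constructed test input: a throwaway self-signed certificate for development.
# -KeyUsage needs the Windows 10 / Server 2016 (or later) version of the cmdlet.
$cert = New-SelfSignedCertificate -Subject 'CN=as2-test-constructed' `
    -CertStoreLocation 'Cert:\CurrentUser\My' -KeySpec KeyExchange `
    -KeyUsage DigitalSignature, KeyEncipherment, DataEncipherment
try {
    'Signing', 'Encryption' | ForEach-Object { Test-As2KeyUsage -Certificate $cert -Purpose $_ }
} finally {
    Remove-Item -Path "Cert:\CurrentUser\My\$($cert.Thumbprint)"   # clean up the test cert
}
```

The same function can be pointed at any certificate object, for example one read from `Cert:\CurrentUser\My` with `Get-ChildItem`, to see whether the extension is present before the certificate is configured for AS2.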

All replies

  • Yes you can use it for development and testing.  The command is:

    makecert -r -pe -n "E=<biztalk service account>@<company>.com,CN=<service account>,OU=<organizational unit>" -b 10/01/2008 -e 01/01/2017 -eku 1.3.6.1.5.5.7.3.1 -ss my -sr currentuser -sky exchange -sp "Microsoft RSA SChannel Cryptographic Provider" -sy 12 <filepath>\<filename>.cer

     -Elizabeth

    Wednesday, June 2, 2010 6:20 PM
  • This does not accomplish what I am looking to do, which is set values for the Key Usage attribute on a generated certificate.
    Wednesday, June 2, 2010 7:21 PM
  • Also, if these Key Usage attributes are not present, will I be getting any kind of error while communicating with the AS2 partner?

    Regards,


    Vishnu
    Friday, June 4, 2010 11:46 AM
  • Since this comes up every time I use MakeCert and AS2 in a search engine, I figured I would drop the exact instructions of the what's, where's and how's of installing certificates for BT2006-2010. I found this document buried in the Microsoft Archives.

    http://everythingworkflow.spaces.live.com/blog/cns!1C0A3085568F1B39!251.entry

     


    Mark Rowe MCTS:Biztalk http://everythingworkflow.spaces.live.com/
    Tuesday, August 17, 2010 1:18 PM