Not able to understand Service certificate required for WCF-BasicHttp adapter configuration when Security mode is Transport

  • Question

  • Hi,

    I am trying to invoke a WCF web service from BizTalk Server. I have the client certificate provided, but I am not able to understand how to configure the service certificate for the WCF-BasicHttp adapter.

    Can anybody explain to me the use of the Service Certificate? What is the default certificate store location for the service certificate? I got stuck because of this and am getting the error below:

    System.ServiceModel.CommunicationException: An error occurred while making the HTTP request to https://ivi.gatrdwa.nl/iviservice. This could be due to the fact that the server certificate is not configured properly with HTTP.SYS in the HTTPS case. This could also be caused by a mismatch of the security binding between the client and the server. ---> System.Net.WebException: The underlying connection was closed: An unexpected error occurred on a send. ---> System.IO.IOException: Authentication failed because the remote party has closed the transport stream.

       at System.Net.TlsStream.EndWrite(IAsyncResult asyncResult)

       at System.Net.PooledStream.EndWrite(IAsyncResult asyncResult)

       at System.Net.ConnectStream.WriteHeadersCallback(IAsyncResult ar)

       --- End of inner exception stack trace ---

       at System.Net.HttpWebRequest.EndGetResponse(IAsyncResult asyncResult)

       at System.ServiceModel.Channels.HttpChannelFactory`1.HttpRequestChannel.HttpChannelAsyncRequest.CompleteGetResponse(IAsyncResult result)

    Please let me know if anybody has faced this type of issue.

    Thanks in advance.

    Monday, September 14, 2015 7:21 AM

Answers

  • Hi,

    Not to barge in :), there are at least a couple of ways to do it:

    1. Within BizTalk Adapter - Change the adapter to wcf-wshttp instead of wcf-basichttp - this will help when the requirement is to change the service behavior (as mentioned by the thread above)

    2. With Security setting on message - There are several options here because the security setting on the message can vary per service; this information will be in the generated binding file. As always, more steps will be involved as the Transport credential type varies

    Regards

    K

    • Proposed as answer by Angie Xu Monday, September 21, 2015 2:23 AM
    • Marked as answer by Angie Xu Wednesday, September 23, 2015 4:14 AM
    Monday, September 14, 2015 11:53 AM

All replies

  • Hi,

    Follow the steps below to configure an SSL certificate for BizTalk:

    Certificate Installation for BizTalk

    • Login on BizTalk server using BizTalk Server Host Instance
    • Open Certificate Manager using MMC command on Run
    • Select File menu – Add/ Remove Snapin / ctrl+m
    • Select Certificate from Available Snap-In and add it to Selected Snap-ins
    • In new window, import certificates for Trusted Root Certification Authorities appearing under Console Root

    Best Practice to restart BizTalk Host Instance

    Certificate Configuration

    • BizTalk Host Properties – Select Certificate
    • BizTalk Group Properties – Select Certificate

    This gets you the certificate for the Receive Port and Send Port

    Regards

    K


    Monday, September 14, 2015 7:42 AM
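
    Added example, not part of the original thread: a PowerShell check to run after the installation steps above, confirming that a certificate is in the expected store, is within its validity period, chains to a trusted root and, for the client certificate, has a private key. The function name, the thumbprint placeholders and the store paths are assumptions; the default paths follow the locations the WCF-BasicHttp adapter dialog browses (Current User\Personal for the client certificate, Local Machine\Other People for the service certificate), so adjust them to your configuration.

```powershell
# Added example. Run in a session started as the BizTalk host instance account,
# because Cert:\CurrentUser resolves to the store of the account running it.
function Test-AdapterCertificate {
    param(
        [Parameter(Mandatory)][string]$Thumbprint,
        [Parameter(Mandatory)][string]$StorePath,
        [switch]$RequirePrivateKey   # set for the client certificate
    )
    # Thumbprints pasted from the MMC dialog often carry spaces or hidden characters.
    $clean = ($Thumbprint -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()
    $cert  = @(Get-ChildItem -Path $StorePath |
               Where-Object { $_.Thumbprint -eq $clean })[0]
    if (-not $cert) {
        return [pscustomobject]@{ Store = $StorePath; Thumbprint = $clean; Found = $false }
    }

    # Build the chain against the machine's trust stores. Revocation is skipped
    # so the result reflects trust only and does not depend on network access.
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    $chain.ChainPolicy.RevocationMode =
        [System.Security.Cryptography.X509Certificates.X509RevocationMode]::NoCheck
    $chainOk = $chain.Build($cert)
    $now     = Get-Date

    [pscustomobject]@{
        Store        = $StorePath
        Thumbprint   = $clean
        Found        = $true
        Subject      = $cert.Subject
        InValidity   = ($now -ge $cert.NotBefore) -and ($now -le $cert.NotAfter)
        PrivateKeyOk = (-not $RequirePrivateKey) -or $cert.HasPrivateKey
        ChainTrusted = $chainOk
        ChainStatus  = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', '
    }
}

# Placeholder thumbprints: replace with the values set on the send port.
$clientThumb  = '<CLIENT-CERT-THUMBPRINT>'
$serviceThumb = '<SERVICE-CERT-THUMBPRINT>'

Test-AdapterCertificate -Thumbprint $clientThumb  -StorePath 'Cert:\CurrentUser\My' -RequirePrivateKey
Test-AdapterCertificate -Thumbprint $serviceThumb -StorePath 'Cert:\LocalMachine\AddressBook'
```

    A result with Found = False, PrivateKeyOk = False or ChainTrusted = False points to a store or trust problem on the BizTalk server rather than in the port binding.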
  • Hi,

    I think it is much more related to WCF service configuration. I would suggest looking into the post below:

    https://social.msdn.microsoft.com/Forums/en-US/b2a93d89-220c-4acf-b4f1-d3c17f4abff2/server-certificate-is-not-configured-properly-with-httpsys-in-the-https-case?forum=wcf

    But for reason why you are trying to use certificate for Basic http binding. I would suggest that for certificate authentication you should use https binding.

    Thanks

    Abhishek

    Monday, September 14, 2015 8:46 AM
  • Hi Abhishek,

    I am using the binding file generated by consuming the WCF web service WSDL, and by default it is using the WCF-BasicHttp adapter. Also, I have configured the appropriate client certificate and server certificate.

    The link provided by you suggests the changes for when we are doing .NET coding. Can you please explain how to do the same in BizTalk?

    Thanks & Regards

    Renu


    • Edited by BizTalk_Renu Monday, September 14, 2015 11:01 AM
    Monday, September 14, 2015 11:00 AM