Note: I have tried to capture and write down the basic steps in order, to keep this post simple and avoid confusion. My scenario is consuming a web service through a ‘Static Solicit-Response Send Port’ with the SOAP adapter. I think this is applicable to other send and receive ports as well.
Problem:
I tried several blogs and videos to fix my issue. The main issue I faced was that I got confused about which certificate store is used for which certificate, both private and public.
Company AA needs to consume Company BB’s web service with a digital signature.
Company BB shared their public SSL certificate (public key) and asked that all messages be sent with a digital signature; otherwise they will not accept any request.
Solution:
1. As per the scenario, Company AA needs to request a private-public key pair for digital signatures from the certification authority (CA). The steps below are shown with images.
Note: There are several other ways to create the private key.
1.1 Press the Windows and R keys on your keyboard simultaneously, type MMC and hit the Enter key.
1.2 From the File menu click ‘Add/Remove Snap-ins’, scroll down and click on ‘Certificates’, then click ‘Add >’.
1.3 In the ‘Certificate Snap-in’ window choose ‘Computer account’, then click ‘Next’, then click ‘Finish’.
1.4 Repeat the above step: keep ‘Certificates’ selected in the ‘Add/Remove Snap-ins’ window and click the ‘Add’ button.
1.5 In the ‘Certificate Snap-in’ window choose ‘My User account’, then click the ‘Finish’ button.
2. Go to the certificate store named ‘Personal Certificates’, right-click on it and, under ‘All Tasks’, click ‘Request New Certificate’.
2.1 Click the Next button as shown in the image below.
2.2 Do not change anything, just click the Next button as shown in the image below.
2.3 Check the check box next to ‘Computer’ and click the ‘Enroll’ button.
2.4 Click the Finish button.
3. Once the private key is ready, we have to obtain the public key of the pair.
3.1 Right-click on the newly created ‘Private Certificate’, click ‘All Tasks’, then ‘Export’.
3.2 In the ‘Certificate Export Wizard’ click Next.
3.3 Click Next again.
3.4 Click Next again.
3.5 Click Browse, type any name and then click Save.
4. Share the public certificate (public key) created above (step 3) with the client; in our case it is Company BB.
4.1 BB will import AA’s public key into the appropriate store.
4.2 BB will share their public key with AA.
5. We have to import our public key (AA’s key) and BB’s key into the stores as shown below:
| Certificate store | Local Computer | Current User |
|---|---|---|
| Personal | AA's Public Key | BB's Public Key, AA's Public Key |
| Trusted Root Certification Authorities | AA's Public Key | |
| Trusted People | | BB's Public Key |
| Other People | AA's Public Key | |
Note: The commands below can also be used to import the certificates.
a) CertWizard /Publickey "C:\Users\bz_admin\Desktop\Certificate\xxxxxx.cer"
b) CertWizard /Privatekey "C:\Users\bz_admin\Desktop\Certificate\xxxxx.pfx"
6. Now it’s time to set up the certificate on BizTalk Server.
6.1 In the BizTalk Administration console, right-click on the ‘BizTalk Server Group’ and click ‘Properties’.
6.2 Click on the Certificate tab and then click the ‘Browse’ button.
6.3 Choose the appropriate certificate; the certificate’s ‘Common name’ and ‘ThumbPrint’ will be populated automatically.
7. Now go to the port and configure it (in my case it’s the SOAP send port). On the General tab click ‘Configure’, then on the General tab paste the ‘Client Certificate Thumbprint’ and click OK, then Apply, and finally ‘OK’.
Restart the host instance and you are all done.
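
The store layout from step 5 and the thumbprint pasted in step 7 can be checked from PowerShell. This is an added example, not part of the original post: the subject patterns are placeholder assumptions, and the CurrentUser paths resolve to the store of whichever account runs the script.

```powershell
# Added example: audit the store placement from the table in step 5 and print
# the thumbprint needed in step 7. Subject patterns are placeholders (assumptions).
$aaSubject = '*CompanyAA*'   # hypothetical subject of AA's own certificate
$bbSubject = '*CompanyBB*'   # hypothetical subject of BB's certificate

# Expected placement, taken from the table in step 5.
# Store names: My = Personal, Root = Trusted Root Certification Authorities,
# TrustedPeople = Trusted People, AddressBook = Other People.
$expected = @(
    @{ Path = 'Cert:\LocalMachine\My';           Subject = $aaSubject }
    @{ Path = 'Cert:\LocalMachine\Root';         Subject = $aaSubject }
    @{ Path = 'Cert:\LocalMachine\AddressBook';  Subject = $aaSubject }
    @{ Path = 'Cert:\CurrentUser\My';            Subject = $aaSubject }
    @{ Path = 'Cert:\CurrentUser\My';            Subject = $bbSubject }
    @{ Path = 'Cert:\CurrentUser\TrustedPeople'; Subject = $bbSubject }
)

$report = foreach ($item in $expected) {
    $certs = @(Get-ChildItem -Path $item.Path -ErrorAction SilentlyContinue |
        Where-Object { $_.Subject -like $item.Subject })

    if ($certs.Count -eq 0) {
        # Nothing matching in this store: the import in step 5 was missed here.
        [pscustomobject]@{ Store = $item.Path; Subject = $item.Subject; Status = 'MISSING'
                           HasPrivateKey = $null; NotAfter = $null; Thumbprint = $null }
        continue
    }
    foreach ($c in $certs) {
        $status = if ($c.NotAfter -lt (Get-Date)) { 'EXPIRED' } else { 'OK' }
        # HasPrivateKey should be True only on the copy of AA's certificate that
        # is used for signing; a partner certificate (BB) should always show False.
        [pscustomobject]@{ Store = $item.Path; Subject = $c.Subject; Status = $status
                           HasPrivateKey = $c.HasPrivateKey; NotAfter = $c.NotAfter
                           Thumbprint = $c.Thumbprint }
    }
}

$report | Format-Table -AutoSize
```

The Thumbprint column gives the value to compare against what was pasted into the send port in step 7.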