BizTalk 2013: SSL Certificates to encrypt messages
Introduction
This article explains how you can make a secure connection to a third party (web) service in BizTalk 2013 using an SSL certificate. I will explain how you can create your own test certificate, install it in the certificate store and how to configure the WCF Adapter to use this installed certificate to encrypt the message that is sent to the service.
SSL Certificates
SSL certificates come as a private key file (.pfx) and a public key file (.cer), which need to be installed in the appropriate certificate stores. For test scenarios, you can create your own certificate using the Makecert.exe tool which is part of the .Net Framework. (For production environments, SSL certificates need to be purchased from a Certificate Authority (CA).) When SSL certificates are used in a BizTalk application, however, the certificates are most likely provided by the third party to which the application connects. In that case, you can skip the next part and go straight to the part where the certificates are installed in the appropriate stores.
Creating SSL Certificates
I’ve used this article for creating my SSL certificate. I’ve made some minor changes to the input parameters for the Makecert tool. My cmd file consists of the following two commands (the first creates the self-signed certificate and private key, the second packs them into a password-protected .pfx):
makecert.exe -n "CN=SjoukjeZaal" -r -pe -a sha512 -len 4096 -cy authority -sv SjoukjeZaal.pvk SjoukjeZaal.cer
pvk2pfx.exe -pvk SjoukjeZaal.pvk -spc SjoukjeZaal.cer -pfx SjoukjeZaal.pfx -po Test123
After following the steps from the article, the below certificates are created:
- sjoukjezaal.cer: Root certificate.
- sjoukjezaal.pfx: Client certificate with private key (the password for this file is "Test123").
Installing the certificates in the appropriate certificate stores
Next is installing the certificates.
- Click Start, click Run and select mmc.exe to open the Microsoft Management Console.
- Click the File Menu and select Add/Remove Snap-in.
- Select Certificates and click the Add button.
- Now you have to select the store in which you want to install the certificates.
The below table shows in which store to install the SSL certificates so BizTalk can use it to encrypt the messages:
Certificate | Store |
sjoukjezaal.cer | |
sjoukjezaal.pfx | |
The In-Process Host account described in the table can be found by opening the BizTalk Administration Console -> Host Instances and checking under which account the host instance is running. To install the certificate, log on to the server with the BizTalk service account, open MMC and choose My User Account.
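As an added example (not part of the original article), the same installation can be scripted and verified with PowerShell instead of mmc.exe. The store locations are assumptions consistent with the text: the .pfx goes into the Personal store of the account the host instance runs as (run the script while logged on as that account), and the self-signed root .cer into the machine's Trusted Root store; the file names and password are the ones from the article.

```powershell
# Added example: import the article's test certificates and verify that
# the WCF-BasicHttp send port will be able to use them. Requires the PKI
# module (Windows 8 / Windows Server 2012 and later).
param(
    [string]$PfxPath     = '.\SjoukjeZaal.pfx',  # from the article
    [string]$CerPath     = '.\SjoukjeZaal.cer',  # from the article
    [string]$PfxPassword = 'Test123'             # test password from the article
)

$ErrorActionPreference = 'Stop'
$securePwd = ConvertTo-SecureString -String $PfxPassword -AsPlainText -Force

# 1. Client certificate + private key -> Current User \ Personal (assumed store).
#    Run as the host instance account so that account can read the private key.
#    -Exportable is deliberately omitted: the host only needs to use the key.
$client = Import-PfxCertificate -FilePath $PfxPath `
            -CertStoreLocation Cert:\CurrentUser\My -Password $securePwd |
          Where-Object { $_.HasPrivateKey } | Select-Object -First 1
if (-not $client) {
    throw "No certificate with a private key was imported from $PfxPath"
}

# 2. Self-signed root -> Local Machine \ Trusted Root (assumed store), so the
#    certificate presented by the service chains to something the server trusts.
$root = Import-Certificate -FilePath $CerPath -CertStoreLocation Cert:\LocalMachine\Root

# 3. Checks that otherwise surface only as runtime errors on the send port.
if ($client.NotAfter -lt (Get-Date)) {
    throw "Client certificate $($client.Thumbprint) expired on $($client.NotAfter)"
}

$chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
$chain.ChainPolicy.RevocationMode = 'NoCheck'   # the self-signed test cert publishes no CRL
if (-not $chain.Build($client)) {
    $status = ($chain.ChainStatus | ForEach-Object { $_.StatusInformation.Trim() }) -join '; '
    throw "Client certificate does not chain to a trusted root: $status"
}

# The thumbprints are what you select in the send port's Security tab.
"Client certificate thumbprint: $($client.Thumbprint)"
"Root certificate thumbprint  : $($root.Thumbprint)"
```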
Creating the Send Port
Next, we need a send port. You can create a new BizTalk application in the BizTalk administration console or use an existing one.
Right click on Send Ports – New – Static One-Way Send Port.
The Send Port properties are displayed. Fill in/ select the following values:
- Name: for instance WebServiceSend
- Port Type: WCF-BasicHttp
- Send Pipeline: PassThruTransmit
Click the Configure Button.
The transport properties screen is displayed. Fill in the Service Url, and the SOAP Action header. Click the Security tab, and fill in/select the following values:
- Security mode: Transport
- Transport Client Credential Type: Certificate
Under Client Certificate, click the browse button. Select the installed private certificate and click OK.
Under Server Certificate, click the browse button. Select the installed public certificate and click OK.
The transport property pane will look like the following figure:
Summary
In this article, I explained how to install SSL certificates which can be used in your BizTalk Application to make a secure call to a third party (web) service. I also explained how you can configure the BizTalk Send Port to use the certificates to create a secure channel using the WCF Adapter.
See Also
For the theory behind adding the certificates for the WCF receive locations and send ports, refer to Installing Certificates for the WCF Adapters.
Another important place to find an extensive amount of BizTalk related articles is the TechNet Wiki itself. The best entry point is BizTalk Server Resources on the TechNet Wiki.