How to Install the Certificates for Encrypted Messages
The following procedure lists the high-level steps that you have to follow to install the certificates for receiving and sending encrypted messages.
To install certificates in the certificates store for decryption
To install certificates in the certificates store for encryption
To configure BizTalk hosts for receiving encrypted messages
Note
You can use one certificate for both signing and decryption operations, or you can use one certificate for each function.
To install the decryption certificates in the certificates store
An administrator in your organization requests a private-public key pair for encryption from the certification authority (CA) for BizTalk Server to use.
The administrator sends the public key for encryption to Partner A.
In BizTalk Server, log on as the service account for the host instance running the handler that will receive messages from Partner A. Install the BizTalk Server private key certificate for decrypting messages in the personal store for the service account. The following figure shows the certificate store where you install the certificate.
In Partner A, install the BizTalk Server public key certificate for encrypting messages sent to Partner A in the appropriate store. (If Partner A is using Windows 2000 Server, Windows Server 2003, or Windows Server 2008 SP2, install the public key in the Other People store.)
To install the encryption certificates in the certificates store
Partner A requests a private-public key pair for encryption from the CA.
Partner A installs the private key certificate for decrypting the messages in the appropriate store. (If Partner A is using Windows 2000 Server, Windows Server 2003, or Windows Server 2008 SP2, install the private key in the personal certificate store.)
Partner A sends you its public key for encrypting messages sent to Partner A.
In BizTalk Server, log on to the server that has a host instance running a handler that will send messages to Partner A. Install the Partner A public key certificate for encrypting messages sent to Partner A in the Other People store. The following figure shows the certificate store where you install the certificate.
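The two BizTalk-side installs above can also be scripted and then checked. The following is an added example, not part of the original procedure or of BizTalk Server itself. Assumptions: the file paths are placeholders, Test-BizTalkEncryptionCert is a hypothetical helper, the Other People store is addressed as Cert:\LocalMachine\AddressBook, and the session runs elevated as the host instance service account.

```powershell
# Added example. Paths and file names are placeholders (assumptions), not values from the page.
# Run as the BizTalk host instance service account so that Cert:\CurrentUser\My
# is that account's personal store. Writing to LocalMachine requires elevation.
$pfxPath     = 'C:\certs\biztalk-decryption.pfx'    # placeholder: key pair issued by the CA
$partnerPath = 'C:\certs\partnerA-encryption.cer'   # placeholder: public key certificate from Partner A

# Hypothetical helper: reports problems that would make a certificate unusable for its role.
function Test-BizTalkEncryptionCert {
    param(
        [Parameter(Mandatory)]
        [System.Security.Cryptography.X509Certificates.X509Certificate2] $Cert,
        [Parameter(Mandatory)] [bool] $ExpectPrivateKey
    )
    $problems = @()
    $now = Get-Date
    if ($now -lt $Cert.NotBefore -or $now -gt $Cert.NotAfter) {
        $problems += 'outside validity period'
    }
    # The decryption certificate must carry its private key; the partner certificate must not.
    if ($Cert.HasPrivateKey -ne $ExpectPrivateKey) {
        $problems += "HasPrivateKey is $($Cert.HasPrivateKey), expected $ExpectPrivateKey"
    }
    # If a key usage extension is present, an RSA encryption certificate needs KeyEncipherment.
    $ku = $Cert.Extensions | Where-Object {
        $_ -is [System.Security.Cryptography.X509Certificates.X509KeyUsageExtension]
    }
    $flag = [System.Security.Cryptography.X509Certificates.X509KeyUsageFlags]::KeyEncipherment
    if ($ku -and -not $ku.KeyUsages.HasFlag($flag)) {
        $problems += 'key usage does not include KeyEncipherment'
    }
    [pscustomobject]@{
        Subject    = $Cert.Subject
        Thumbprint = $Cert.Thumbprint
        Problems   = $problems
    }
}

# Decryption certificate: personal store of the service account.
# Without -Exportable, the imported private key is marked non-exportable.
$pfxPassword = Read-Host -AsSecureString -Prompt 'PFX password'
$own = Import-PfxCertificate -FilePath $pfxPath -CertStoreLocation Cert:\CurrentUser\My -Password $pfxPassword

# Partner A public key certificate: Other People store (system store name AddressBook).
$partner = Import-Certificate -FilePath $partnerPath -CertStoreLocation Cert:\LocalMachine\AddressBook

Test-BizTalkEncryptionCert -Cert $own     -ExpectPrivateKey $true
Test-BizTalkEncryptionCert -Cert $partner -ExpectPrivateKey $false
```

An empty Problems list for both certificates means each one is in date and has the key material expected for its role.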
To configure BizTalk hosts for receiving encrypted messages
Click Start, point to All Programs, point to Microsoft BizTalk Server 20xx, and then click BizTalk Server Administration.
In the BizTalk Server Administration console, expand Platform Settings, and then expand Hosts.
In the right pane, right-click a BizTalk host that is the handler for receiving the encrypted messages, and then click Properties.
In the Host Properties dialog box, click Certificate, and then click Browse.
On the Select Certificate dialog box, select the decryption certificate that you installed, and then close all of the dialog boxes.
Note
For more information, see How to Modify Host Properties.
Next Steps
You create a pipeline to receive encrypted messages in How to Configure BizTalk Server for Receiving Encrypted Messages.
You create a pipeline to send encrypted messages in How to Configure BizTalk Server for Sending Encrypted Messages.
See Also
Certificates that BizTalk Server Uses for Encrypted Messages
Sending and Receiving Encrypted Messages