
BizTalk Administration: Certificate locations

Alastair Grant | Wednesday 17 July 2019

X.509 certificates are used throughout BizTalk for various reasons, but configuring their usage is not always straightforward.  Here is an index of where to put your certificates for them to be selectable, and then to be usable.

| | For selection | For using |
|---|---|---|
| Parties | Local Computer "Other People" store on the system running the administration console | Not required, as the client sends a copy with the connection. |
| Send Port | Local Computer "Other People" store on the system running the administration console | |
| WCF Send Server | Your/Current admin user "Personal" store on the system running the administration console | Local Computer "Other People" store on the system running the administration console |
| WCF Send Client | Your/Current admin user "Personal" store on the system running the administration console | "Personal" store under the service account running the send port on the application host |

Service Account Personal Store

Installing certificates into the personal store of a service account is easier said than done.  Personally, I find this approach the quickest:

  1. Find an Internet Explorer shortcut (e.g. click Start, right-click on IE and select 'Open file location')
  2. Hold Shift and right click on the shortcut
  3. Select Run as different user
  4. Enter the credentials for the server account
  5. In IE, click on Settings, Internet Options
  6. Navigate to the Content tab
  7. Click Certificates
  8. On the Personal tab, import your certificate/key pair (no need to mark as exportable).
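
To confirm that a certificate actually sits in the store the table calls for, the following PowerShell check looks it up by thumbprint; it is an added example, not part of the original post. Run it as the admin user on the console machine for the selection stores, and in a session started as the service account on the application host for the WCF client certificate. The function name and the sample thumbprint are hypothetical.

```powershell
# Added example; function name and sample thumbprint are hypothetical.
# Store mapping: "Other People" = AddressBook, "Personal" = My.
function Test-CertPlacement {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $Thumbprint,
        [Parameter(Mandatory)]
        [ValidateSet('LocalComputerOtherPeople', 'CurrentUserPersonal')]
        [string] $Store,
        [switch] $RequirePrivateKey   # set for the WCF client certificate/key pair
    )

    $path = switch ($Store) {
        'LocalComputerOtherPeople' { 'Cert:\LocalMachine\AddressBook' }
        'CurrentUserPersonal'      { 'Cert:\CurrentUser\My' }
    }

    # Thumbprints copied from the certificate dialog often carry spaces or an
    # invisible leading character, so keep hex digits only before comparing.
    $wanted = ($Thumbprint -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()

    $cert = Get-ChildItem -Path $path |
        Where-Object { $_.Thumbprint -eq $wanted } |
        Select-Object -First 1

    $found   = $null -ne $cert
    $expired = $found -and ($cert.NotAfter -lt (Get-Date))
    $hasKey  = $found -and $cert.HasPrivateKey

    [pscustomobject]@{
        RunningAs     = [Security.Principal.WindowsIdentity]::GetCurrent().Name
        Store         = $path
        Found         = $found
        Subject       = if ($found) { $cert.Subject } else { $null }
        NotAfter      = if ($found) { $cert.NotAfter } else { $null }
        HasPrivateKey = $hasKey
        Ok            = $found -and -not $expired -and ($hasKey -or -not $RequirePrivateKey)
    }
}

# Constructed thumbprint, for illustration only.
$thumb = '01 23 45 67 89 AB CD EF 01 23 45 67 89 AB CD EF 01 23 45 67'
Test-CertPlacement -Thumbprint $thumb -Store LocalComputerOtherPeople
Test-CertPlacement -Thumbprint $thumb -Store CurrentUserPersonal -RequirePrivateKey
```

The `RunningAs` field shows which account's Personal store was inspected, which catches the case where the import was done under the admin user instead of the service account.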