tags:

views:

260

answers:

1
+1  Q: 

Create key pair for BizTalk AS2 connection

I need to create an AS2 connection in BizTalk Server 2006 R2 to communicate with a business partner. I've worked with BizTalk AS2 config before and the BizTalk docs have pretty good walkthroughs about how to configure everything, but they don't talk about how to get/generate a certificate, and I don't have much experience there.

What is the best way to generate a key pair? My basic understanding of the process is that you generate the public and private keys (.pfx file?), install them, export the public key certificate (.cer?) and send it to the partner. The certificate won't be used for HTTPS, only for the AS2 connection, and the partner has stated that it can be self signed (doesn't need a trusted CA?). We trade public key certificates directly with the partner in a secure fashion in the form of .cer files. Is MakeCert an appropriate tool here?

I believe we need to use the same key for both encryption and signing, so according to the docs, the Key Usage attribute of the certificate must include Digital Signature and either Data Encipherment or Key Encipherment.

Thanks!

+1  A: 

You can certainly use MakeCert generated self sign keys for AS2 security and signing. Depending on the flavour of AS2 being implemented (there are 12 all up) you do not need to do both encryption and signing but the standard usage of AS2 is signed and encrypted communication with or without MDNs and for that you would generally use a single certificate.

As you say, there is a wealth of information on AS2 in the BizTalk docs and in the SDK. I thought it worth pointing out this MSDN page http://msdn.microsoft.com/en-us/library/bb728096(BTS.20).aspx, however, since it covers the installation of the certs in great detail. The configuration is quite particular, if you don't get the right certs in the right stores under the right users and in the right parts of BizTalk (assigned to parties, groups and send ports) then you can run into trouble. I've found it pays to follow the docs exactly in this part of configuration.

One important thing to remember is that your AS2 receive runs under the BizTalk IsolatedHost so the certs for receiving need to be in that store.

I've also found it interesting and helpful (thought not necessary) to read the AS2 RFC.

David Hall  2009-12-05 00:15:32

related questions

BizTalk 2006 Tutorial 1: EDI-to-XML Document Translation
Returning a value of type Microsoft.XLANGs.BaseTypes.XLANGMessage
Mocking WebService consumed by a Biztalk Request-Response port
Approach to extract inner-schema XML values for mapping to orchestration's inbound schema
Reponsibilities of Biztalk Consultant
Can Biztalk run a console application?
Protocol conversion / normalization: Biztalk, alternatives?
Append newline to flat-file schema in BizTalk 2006 R2
Consuming a WCF service in BizTalk 2006 R2
BizTalk resolving SSO error "Unable to redeem ticket, no ticket exists in the message"
BizTalk Server BAM Portal on x64 Windows 2008/IIS 7.0
How to set "xml:lang" attribute?
How can I suppress individual BizTalk warnings in Visual Studio 2005
How to figure out the current Biztalk Host Process
Config Files for Biztalk Host Processes
Are you using BizTalk? If so, how are you using it?
What is a .snk for?
Is there any free tool for monitoring BizTalk applications remotely?
DB2 Transport Component is not registered correctly
WCF Oracle adaptor and UDT
Has anyone hooked up BizTalk and Fogbugz?
How to Call BizTalk Orchestration Dynamically
What are some viable alternatives to BizTalk Server?
Has anyone connected BizTalk with QuickBooks?
BizTalk DB2 adapter connection error