tags:

views:

151

answers:

2
Q: 

Server Rejecting Biztalk X.509 Certificates

Our ssl certificate recently expired, so we were issued a new one by the CA. Unfortunately, when biztalk uses this certificate to access a server, the server rejects it, giving us a 403.17 error (Expired or not yet valid).

So I checked the dates of the certificate and it seems okay. But to really check if the certificate was working, we loaded it into IE7 and tried to access the server. Doing so works.

Biztalk looks at a hard-coded location for the certificate, but we've already replaced that file with the new one.

Any idea why when Biztalk tries to access the server, it gets rejected?

A: 

Maybe Biztalk has cached your certificate?

Ali A  2008-12-30 15:36:10
We checked that, and it wasn't caching it at all.
Anton  2009-01-08 15:44:09
A: 

We've found out the solution. The problem was access to the certificate and private key. When replacing the certificate, its not enough to install it. Why? Because it will only be installed under the current user.

Biztalk runs as a user: BizTalkSVC, and that account did not have permission to access the certificate.

Once it was granted permission, it ran like a charm!

Anton  2009-01-08 15:46:24

related questions

Why is access denied when installing SSL cert on IIS 5?
What does a PHP developer need to know about https / secure socket layer connections?
Am I turning away customers by disabling SSL 2.0 and PCT 1.0 in IIS5?
Coding Dojo with IE and SSL
Enforce SSL in code in an ashx handler
How to connect to PostgreSQL from .NET using TLS with both client and server authentication?
HELP SSL GURUs!!! ... Problems with SSL Connection
What's a clean/simple way to ensure the security of a page?
How to specify accepted certificates for Client Authentication in .NET SslStream
SharePoint stream file for preview
Problem with Oracle Application Server SSL Certificates
Is there a limit with the number of SSL connections?
Testing HTTPS files with MAMP
Cheapest SSL certificates
Limiting traffic to SSL version of page only
How do I support SSL Client Certificate authentication?
Why can't I connect to my CAS server with Perl's AuthCAS?
Is there a way to make Firefox ignore invalid ssl-certificates?
How do I create a self signed SSL certificate to use while testing a web app.
Can a proxy server cache SSL GETs? If not, would response body encryption suffice?
HTTPS in IIS 5.1
How do you redirect HTTPS to HTTP?
Debugging: IE6 + SSL + AJAX + post form = 404 error
How do I add SSL to a .net application that uses httplistener - it will *not* be running on IIS
Options for Google Maps over SSL