My MS Replacement Hired, Other Musings, Certificate Help Needed

So it looks like my Microsoft replacement has finally been hired. My buddy Chris Romp has taken over the role of BizTalk Technology Specialist for Microsoft SoCal. He’ll do a great job, but if any of my former customers are reading this, please give the poor guy a little time to get up to speed on the beast that is Microsoft!

Other random BizTalk musings on my mind today (and a plea for help) …

I wasn’t 100% sure at what point the ErrorReport for a Send port gets generated. That is, if a (send) port has 5 retries, does it wait until all those retries are exhausted? After a quick test, indeed, no ErrorReport is sent to the MessageBox until retries are done.

Today for the first time, I had to send a message to a SharePoint library and DIDN’T apply the InfoPath declaration in the Xml pipeline. Instead, I wanted to see if sending the “naked” message to a SharePoint forms library (which had an InfoPath form associated with it) would still cause it to get opened with the library’s template. Sure enough, it worked. I guess I knew it SHOULD work, but simply never tried.

Anyone have success doing BizTalk message encryption/decryption using certificates created with the .NET makecert tool? I’m getting owned right now. I built a certificate (makecert -n "CN=CompanyCA" -pe -r -sv "c:\cert\CompanyCAPrivate.pvk" "c:\cert\CompanyCAPublic.cer"), installed the public certificate in the machine’s Other People store (for BizTalk to use when encrypting outbound messages). I then put the private key certificate in the BizTalk host account’s Personal store so that BizTalk could use it to decrypt inbound messages. I created send/receive pipelines with the necessary MIME encoding/decoding and picked the certificate at the right places (send port, receive host).

When I send a file out from BizTalk, it shows up perfectly encrypted. However, if I drop that same file into a location for BizTalk to pick up and decrypt, I get “There was an authentication failure. ‘Failed to decode the S/MIME message. The S/MIME message may not be valid’.” After spending waaaay too long on this, I’m about to light myself on fire.

Any thoughts?


Author: Richard Seroter

Richard Seroter is Director of Developer Relations and Outbound Product Management at Google Cloud. He’s also an instructor at Pluralsight, a frequent public speaker, the author of multiple books on software design and development, and a former editor plus former 12-time Microsoft MVP for cloud. As Director of Developer Relations and Outbound Product Management, Richard leads an organization of Google Cloud developer advocates, engineers, platform builders, and outbound product managers that help customers find success in their cloud journey. Richard maintains a regularly updated blog on topics of architecture and solution design and can be found on Twitter as @rseroter.

4 thoughts

  1. I’m working in a BizTalk project where we’re using security certificates.

    We obtain for a particular message this error about S/MIME decode and we have been talking with a Microsoft engineer and the conclusion has been that the message has an incorrect sign. We’re looking through now the canonicalization mode and the encoding.
