Secure B2B messages with certificates

When you need to keep B2B communication confidential, you can secure it for your enterprise integration apps, specifically logic apps, by adding certificates to your integration account. Certificates are digital documents that verify the identities of the participants in electronic communications and help you secure communication in these ways:

  • Encrypt message content.
  • Digitally sign messages.

You can use these certificates in your enterprise integration apps:

  • Public certificates
  • Private certificates

Note

This article has been updated to use the new Azure PowerShell Az module. You can still use the AzureRM module, which will continue to receive bug fixes until at least December 2020. To learn more about the new Az module and AzureRM compatibility, see Introducing the new Azure PowerShell Az module. For Az module installation instructions, see Install Azure PowerShell.

Upload a public certificate

To use a public certificate in logic apps that have B2B capabilities, you must first upload the certificate to your integration account. After you define the properties in the agreements that you create, the certificate is available to help you secure your B2B messages.

  1. Sign in to the Azure portal. On the main Azure menu, select All resources. In the search box, enter your integration account name, and then select the integration account you want.

  2. Under Components, choose the Certificates tile.

  3. Under Certificates, choose Add. Under Add Certificate, provide these details for your certificate. When you're done, choose OK.

    | Property | Value | Description |
    |----------|-------|-------------|
    | Name | <certificate-name> | Your certificate's name, which is "publicCert" in this example |
    | Certificate Type | Public | Your certificate's type |
    | Certificate | <certificate-file-name> | To find and select the certificate file you want to upload, choose the folder icon next to the Certificate box. |

    After Azure validates your selection, Azure uploads your certificate.


Upload a private certificate

To use a private certificate in logic apps that have B2B capabilities, you must first upload the certificate to your integration account. You also need to have a private key that you first add to Azure Key Vault.

After you define the properties in the agreements that you create, the certificate is available to help you secure your B2B messages.

Note

For private certificates, make sure that you add a corresponding public certificate that appears in the AS2 agreement's Send and Receive settings for signing and encrypting messages.

  1. Add your private key to Azure Key Vault and provide a Key Name.

  2. Authorize Azure Logic Apps to perform operations on Azure Key Vault. To grant access to the Logic Apps service principal, use the PowerShell command, Set-AzKeyVaultAccessPolicy, for example:

    Set-AzKeyVaultAccessPolicy -VaultName 'TestcertKeyVault' -ServicePrincipalName '7cd684f4-8a78-49b0-91ec-6a35d38739ba' -PermissionsToKeys decrypt, sign, get, list

  3. Sign in to the Azure portal. On the main Azure menu, select All resources. In the search box, enter your integration account name, and then select the integration account you want.

  4. Under Components, choose the Certificates tile.

  5. Under Certificates, choose Add. Under Add Certificate, provide these details for your certificate. When you're done, choose OK.

    | Property | Value | Description |
    |----------|-------|-------------|
    | Name | <certificate-name> | Your certificate's name, which is "privateCert" in this example |
    | Certificate Type | Private | Your certificate's type |
    | Certificate | <certificate-file-name> | To find and select the certificate file you want to upload, choose the folder icon next to the Certificate box. |
    | Resource Group | <integration-account-resource-group> | Your integration account's resource group, which is "MyResourceGroup" in this example |
    | Key Vault | <key-vault-name> | Your Azure key vault's name |
    | Key name | <key-name> | Your key's name |

    After Azure validates your selection, Azure uploads your certificate.
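
To confirm that the access policy from step 2 grants the Logic Apps service principal only the key permissions listed there, you can audit the vault afterward. This is an added example, not part of the original article: `Test-KeyVaultKeyPolicy` is a hypothetical helper name, and the script assumes an already signed-in Az PowerShell session and a vault that uses access policies.

```powershell
# Added example: audit the Key Vault access policy granted in step 2.
# Vault name and application ID are the values used in the step 2 command.
$vaultName = 'TestcertKeyVault'
$appId     = '7cd684f4-8a78-49b0-91ec-6a35d38739ba'
$expected  = 'decrypt', 'sign', 'get', 'list'

# Hypothetical helper: compares one principal's policy with the expected key permissions.
function Test-KeyVaultKeyPolicy {
    param(
        [object[]] $AccessPolicies,                 # (Get-AzKeyVault).AccessPolicies
        [Parameter(Mandatory)] [string]   $ObjectId,
        [Parameter(Mandatory)] [string[]] $Expected
    )
    $policy = @($AccessPolicies | Where-Object { $_.ObjectId -eq $ObjectId })
    if ($policy.Count -eq 0) {
        # No policy entry at all: every expected permission is missing.
        return [pscustomobject]@{
            Ok = $false; Missing = $Expected; ExtraKey = @(); OtherGrants = @()
        }
    }
    # -notin is case-insensitive, so 'Decrypt' and 'decrypt' compare equal.
    $granted  = @($policy.PermissionsToKeys)
    $missing  = @($Expected | Where-Object { $_ -notin $granted })
    $extraKey = @($granted  | Where-Object { $_ -notin $Expected })
    # Step 2 grants key permissions only; flag secret, certificate or storage grants.
    $other = @(@($policy.PermissionsToSecrets) +
               @($policy.PermissionsToCertificates) +
               @($policy.PermissionsToStorage) | Where-Object { $_ })
    [pscustomobject]@{
        Ok          = ($missing.Count + $extraKey.Count + $other.Count) -eq 0
        Missing     = $missing
        ExtraKey    = $extraKey
        OtherGrants = $other
    }
}

# Resolve the service principal's object ID, then read the vault's policies.
$sp     = Get-AzADServicePrincipal -ApplicationId $appId
$vault  = Get-AzKeyVault -VaultName $vaultName
$result = Test-KeyVaultKeyPolicy -AccessPolicies $vault.AccessPolicies `
                                 -ObjectId $sp.Id -Expected $expected
$result | Format-List
if (-not $result.Ok) {
    Write-Warning "Access policy for $appId on $vaultName differs from step 2."
}
```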

