How to Configure BizTalk Server to Receive Encrypted MIME or SMIME Messages
This topic describes how to configure BizTalk Server to use certificates to receive encrypted MIME/SMIME messages. The procedure below also applies to configuring the receiving of encrypted messages over AS2 transport.
Prerequisites
To perform the procedure in this topic, you must be logged on as a member of the BizTalk Server Administrators group.
To configure BizTalk Server to receive encrypted messages
Create a pipeline to receive encrypted messages, as follows:
Note
This step is not necessary when configuring AS2 transport for receiving encrypted messages because the AS2Receive and AS2EdiReceive pipelines that are included in BizTalk Server serve this function.
Note
The MIME/SMIME Decoder pipeline component performs both decryption and digital signature validation (when configured to perform both functions). Therefore, if you are configuring BizTalk Server to receive encrypted and signed messages, you can use the same receive pipeline. In other words, you do not have to create separate pipelines for decryption and digital signature validation.
Create a receive pipeline and then drag the MIME/SMIME Decoder pipeline component into the Decode stage of the pipeline.
In the Properties window, configure the MIME/SMIME Decoder pipeline component properties.
Note
Configuring the MIME/SMIME Decoder pipeline component properties includes setting the Check Revocation List property to True if you want to check the certificate revocation list for the certificates that senders use for signing messages that are being sent to BizTalk Server. Disabling this option increases the performance of the component. The certificate revocation list associated with a certificate is downloaded from the appropriate certificate services Web site. If the BizTalk Server cannot connect to the remote Web site, the message fails in the pipeline.
Note
You can configure pipeline properties for a receive location after the pipeline has been deployed into a BizTalk group using the BizTalk Server Administration console. You can configure different pipeline properties for each receive location in the BizTalk group.
Build and deploy the receive pipeline.
Configure the receive location for receiving encrypted messages, as follows:
Add the BizTalk assembly that you created containing the receive pipeline to the BizTalk application including the receive locations to receive encrypted messages.
Note
This step is not necessary when configuring AS2 transport for receiving encrypted messages because the AS2Receive and AS2EdiReceive pipelines are included in the BizTalk EDI Application in BizTalk Server.
Configure the receive locations in the BizTalk application with the receive pipeline that you created in the previous step.
Configure the host used as the receive handler for the receive location with the decryption certificate, as follows:
In the BizTalk Server Administration console, right-click a BizTalk host that is the handler for receiving the encrypted messages, and then click Properties.
Note
This procedure does not apply for AS2 transport available with BizTalk Server. It applies for the BizTalk MIME Decoder, not the AS2 Decoder. The AS2 Decoder will determine the certificate based on certificate information in the message.
In the Host Properties dialog box, click Certificate, and then click Browse.
Note
The above procedure enables you to configure your BizTalk Server environment so that only certain hosts can receive and process particular messages. When you configure a host with the thumbprint of a certificate to use for message decoding and decryption, BizTalk Server creates an application property for that host in the MessageBox database. Secure messages that are received and decrypted using this thumbprint are then only routed to this and other hosts that are configured with this thumbprint.
In the Select Certificate dialog box, select the decryption certificate that you installed, and then close all the dialog boxes.
See Also
Feedback
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see: https://aka.ms/ContentUserFeedback.
Submit and view feedback for