Applies To: Windows 10, Windows 7, Windows 8, Windows 8.1, Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2, Windows Server Technical Preview, Windows Vista

The SenderCertificate property of the MSMQMessage object provides an array of bytes that represents the user certificate. The user certificate is used to authenticate messages.

Data type: Variant (array of bytes)
Run-time access: Read/write
Property SenderCertificate As Variant  

Property Value

A Variant (array of bytes) containing the user certificate (internal or external) attached to the message.


Use SenderCertificate when you want to authenticate a small number of messages with the same certificate.


When sending a large number of messages using the same certificate, use a security context structure to attach the certificate. A security context structure is obtained by calling MSMQMessage.AttachCurrentSecurityContext2. This method creates a security context structure based on the certificate that is in SenderCertificate, the corresponding private key, and the user's SID and stores a handle to the security context in the object. If SenderCertificate is not set before calling AttachCurrentSecurityContextMSMQMessage.AttachCurrentSecurityContext2, then the Message Queuing internal certificate for the user is used for the security context.

Message Queuing uses the certificate to authenticate the message. However, the receiving application can use the information in an external certificate to further verify who sent the message. (When an internal certificate is used, the information in the certificate is not useful to the receiving application.)

The receiving application should use SenderCertificate only when an external certificate is sent with the message. After retrieving the certificate, use the CryptoAPI functions to validate the information in the certificate. (If you don't know if an external or internal certificate was sent, retrieve the certificate and look at its locality attribute. If the locality attribute was set by MSMQ, then the certificate is a Message Queuing internal certificate.)

Equivalent API Function Property

With API function calls, the equivalent property for setting and retrieving the user certificate is PROPID_M_SENDER_CERT.

For information on See
What it means to authenticate a message Message Authentication
Registering internal and external certificates Registering a Certificate
How messages are authenticated How Message Queuing Authenticates Messages
Using a security context structure When to Use a Security Context Structure


Windows NT/2000/XP: Included in Windows NT 4.0 SP3 and later.

Windows 95/98/Me: Included in Windows 95 and later.

Header: Declared in Mqoai.h.

Library: Use Mqoa.lib.

See Also