Encryption and Signing Certificates

Microsoft BizTalk Server relies heavily on the security provided by certificates. By using certificates for encryption and digital signatures, BizTalk Server can send and receive data that can be trusted, and can help ensure that the data it processes is secure. For both encryption and digital signatures, there is a public key certificate and a private key certificate. For encryption, the sender of the message uses the receiver's public key certificate to encrypt the message, while the receiver of the message (BizTalk Server) uses its private key to decrypt the message. For digital signatures, the sender of the message uses a private key certificate to sign the message, and the receiver of the message (BizTalk Server) uses the public key certificate of the sender to verify the signature.

BizTalk Server uses public key certificates to verify the digital signatures of inbound messages and for encrypting outbound messages. BizTalk Server uses private key certificates for decrypting inbound messages and signing outbound messages.

You configure the certificates BizTalk Server uses in BizTalk Explorer and in the BizTalk Administration Console.

For more information about digital certificates, see Certificates that BizTalk Server Uses for Signed Messages.

Note

To make sure that a certificate hasn't expired and that the certificate is trusted down to a Root Certificate Authority (CA), you can choose to have the BizTalk Server engine check the Certificate Revocation List (CRL) while the engine processes Secure Multipurpose Internet Mail Extensions (S/MIME) messages. This verification occurs while the pipeline processes the message, in the MIME/SMIME decoder component.

For more information about how to set the Check Revocation List property, see How to Configure the MIME-SMIME Decoder Pipeline Component.
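The key model described at the top of this topic (encrypt to the receiver's public key certificate, decrypt with the receiver's private key; sign with the sender's private key, verify with the sender's public key certificate) and the expiry, trust-chain and CRL verification described in the note above, shown together as an added illustration. This is not BizTalk Server code and not the MIME/SMIME decoder's implementation; it uses the .NET System.Security.Cryptography.Pkcs CMS classes (the CMS/PKCS #7 format that S/MIME carries) and the X509Chain revocation settings. The certificate subjects "CN=Sender" and "CN=Receiver", the PFX password and the sample payload are constructed placeholders; the certificates are generated self-signed at run time so the sample runs offline. On .NET Core/.NET 5+ the System.Security.Cryptography.Pkcs NuGet package is required; on .NET Framework it is in-box.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.Pkcs;
using System.Security.Cryptography.X509Certificates;
using System.Text;

// Added illustration, not BizTalk Server code: the S/MIME (CMS) operations the
// topic describes, plus the chain/CRL check the MIME/SMIME decoder performs when
// Check Revocation List is enabled. Subjects and password are placeholders.
static class SmimeDemo
{
    const string PfxPassword = "placeholder-pfx-password"; // constructed, demo only

    // Self-signed test certificate with an RSA key (stands in for a CA-issued cert).
    static X509Certificate2 MakeCert(string subject)
    {
        using RSA rsa = RSA.Create(2048);
        var req = new CertificateRequest(subject, rsa, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
        using X509Certificate2 ephemeral = req.CreateSelfSigned(
            DateTimeOffset.UtcNow.AddMinutes(-5), DateTimeOffset.UtcNow.AddYears(1));
        // Round-trip through PFX so the private key is in a form the CMS classes can
        // use (purely ephemeral keys fail with some Windows key storage providers).
        return new X509Certificate2(ephemeral.Export(X509ContentType.Pfx, PfxPassword),
                                    PfxPassword, X509KeyStorageFlags.Exportable);
    }

    // Sender side: sign with the sender's private key, then encrypt to the
    // receiver's public key certificate (sign-then-encrypt, as S/MIME does).
    static byte[] SignThenEncrypt(byte[] payload, X509Certificate2 senderWithKey, X509Certificate2 receiverPublic)
    {
        var signed = new SignedCms(new ContentInfo(payload), detached: false);
        signed.ComputeSignature(new CmsSigner(senderWithKey));

        var enveloped = new EnvelopedCms(new ContentInfo(signed.Encode()));
        enveloped.Encrypt(new CmsRecipient(receiverPublic));
        return enveloped.Encode();
    }

    // Receiver side (BizTalk Server's role on inbound): decrypt with its own private
    // key, then verify the signature against the sender's public key certificate.
    static byte[] DecryptThenVerify(byte[] message, X509Certificate2 receiverWithKey)
    {
        var enveloped = new EnvelopedCms();
        enveloped.Decode(message);
        enveloped.Decrypt(new X509Certificate2Collection(receiverWithKey));

        var signed = new SignedCms();
        signed.Decode(enveloped.ContentInfo.Content);
        // verifySignatureOnly: true checks the signature against the embedded signer
        // certificate; trust-chain and revocation are checked separately below.
        signed.CheckSignature(verifySignatureOnly: true);
        Console.WriteLine($"Signed by: {signed.SignerInfos[0].Certificate?.Subject}");
        return signed.ContentInfo.Content;
    }

    // Expiry, chain-to-trusted-root and CRL check: the same verification the note
    // describes for the decoder's Check Revocation List property.
    static bool ChainAndRevocationOk(X509Certificate2 cert)
    {
        using var chain = new X509Chain();
        chain.ChainPolicy.RevocationMode = X509RevocationMode.Online;     // fetch CRLs
        chain.ChainPolicy.RevocationFlag = X509RevocationFlag.EntireChain;
        chain.ChainPolicy.VerificationTime = DateTime.Now;                // catches expiry
        bool ok = chain.Build(cert);
        foreach (X509ChainStatus s in chain.ChainStatus)
            Console.WriteLine($"  chain status: {s.Status} {s.StatusInformation.Trim()}");
        return ok;
    }

    static void Main()
    {
        using X509Certificate2 sender = MakeCert("CN=Sender");
        using X509Certificate2 receiver = MakeCert("CN=Receiver");
        // Public-key-only copy: what the sender holds for the receiver.
        using var receiverPublic = new X509Certificate2(receiver.Export(X509ContentType.Cert));

        byte[] wire = SignThenEncrypt(Encoding.UTF8.GetBytes("<Order id=\"42\"/>"), sender, receiverPublic);
        byte[] plain = DecryptThenVerify(wire, receiver);
        Console.WriteLine($"Recovered: {Encoding.UTF8.GetString(plain)}");

        // A self-signed sender certificate is not trusted down to a root CA, so this
        // prints False with an UntrustedRoot status; a CA-issued certificate with a
        // reachable CRL passes unless it is expired or revoked.
        Console.WriteLine($"Sender chain trusted and unrevoked: {ChainAndRevocationOk(sender)}");
    }
}
```

The split between CheckSignature(verifySignatureOnly: true) and the explicit X509Chain build mirrors the two distinct questions the decoder answers: is the signature cryptographically valid for this certificate, and is that certificate currently trustworthy (unexpired, chained to a trusted root, not on a CRL). Passing verifySignatureOnly: false asks CheckSignature to do both, but then the revocation mode is whatever the default chain policy is, so the explicit chain makes the CRL requirement visible and configurable.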

In This Section