Certificate Wizard Utility
You use the CertWizard utility to import a certificate from a .pfx or .cer file into a private or public store for use with Microsoft BizTalk Server.
The source code for the Certificate Wizard can be found in the C:\Program Files\Microsoft BizTalk Server <version>\SDK\Utilities\Certificate Wizard folder. With a 64-bit operating system and version of BizTalk Server, it will be in the C:\Program Files (x86)\Microsoft BizTalk Server <version>\SDK\Utilities\Certificate Wizard folder. To use the Certificate Wizard you will first have to build it using Visual Studio.
CertWizard imports a private key from a .pfx file into the personal store, and imports a public key from a .cer file into a public store. When importing a private key, the certificate can be a decryption certificate for incoming messages or a signing certificate for outgoing messages.
Syntax Description
The following table describes each part of the syntax that the CertWizard utility uses.
Syntax | Description |
---|---|
Privatekey | Used to import a private key. |
Publickey | Used to import a public key. |
Rootkey | Used to import a root key from a certification authority. |
filename.pfx (or .cer) | Full path for the .pfx (private keys) or .cer (public keys) file. |
Filepassword | The password required to unlock the .pfx file. |
Useridentity | A service identity that one or more BizTalk Hosts uses. Enter a user account if you do not want to specify the host, but want to import a certificate under a user account. Note: If you do not add the Useridentity switch, the utility imports and sets the certificate for all users. Note: If you add the Useridentity switch, but do not enter a value, WMI automatically generates the user identity. |
Password | The password for the service identity user. |
Thumbprint | The thumbprint of a specific certificate, in case the file contains more than one certificate. Note: For a public certificate file, if the file contains more than one certificate and you do not specify the thumbprint, the utility imports all certificates in the file. For a private certificate file, the utility prompts you to select the certificate to import. |
Usage | The intended usage of the imported private certificate. Can be one of the following: sign (for a signing certificate); decrypt (for a decryption certificate); both (for a certificate that is both a signing certificate and a decryption certificate); none (also for a certificate that is both a signing certificate and a decryption certificate). Note: If you set the /Usage switch to none, the wizard will not set the thumbprint for the certificate on the BizTalk Hosts or the BizTalk Group. |
Exportable | Can be True or False. If True, the private key can be re-exported. |
Syntax for Importing a Private Key
CertWizard /Privatekey <filename>.pfx [/Filepassword <filepassword>] [/Useridentity <useridentity>] [/Password <password>] [/Thumbprint <thumbprint>] [/Usage sign|decrypt|both|none] [/Exportable true|false]
Syntax for Importing a Public Key
CertWizard /Publickey <filename>.cer [/Thumbprint <thumbprint>]
Syntax for Importing a Root Key
CertWizard /Rootkey <filename>.cer [/Thumbprint <thumbprint>]
Prerequisites
The following are prerequisites for performing the procedures in this topic:
- You must be logged on as a member of the BizTalk Server Administrators group.
To run the certificate wizard
1. Open a command prompt.
2. Move to \Program Files (x86)\Microsoft BizTalk Server <VERSION>\SDK\Utilities.
3. At the command prompt, type CertWizard, type the required and appropriate switches, and then press Enter.
Note
If you do not give the full command at the command prompt, CertWizard will prompt you to provide the required values.
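A private-key import that resolves the /Thumbprint value before calling the utility and keeps the key non-exportable, as an added example that is not part of the original page or the SDK. The parameter names $PfxPath and $CertWizardPath are assumptions, as is the idea that /Thumbprint accepts the thumbprint string exactly as .NET reports it; Get-PfxData comes from the Windows PKI module.

```powershell
# Added example, not Microsoft's code. Parameter names and paths are assumptions.
param(
    [Parameter(Mandatory)] [string] $PfxPath,         # full path to the .pfx file
    [Parameter(Mandatory)] [string] $CertWizardPath,  # CertWizard.exe built from the SDK source
    [ValidateSet('sign', 'decrypt', 'both', 'none')] [string] $Usage = 'sign'
)

# Prompt for the .pfx password so it is not stored in the script or in shell history.
$securePw = Read-Host -Prompt "Password for $PfxPath" -AsSecureString

# Get-PfxData parses the file without importing anything into a certificate store.
$pfx = Get-PfxData -FilePath $PfxPath -Password $securePw
$candidates = @($pfx.EndEntityCertificates)
if ($candidates.Count -eq 0) { throw "No end-entity certificate found in $PfxPath" }

# List what the file contains and flag certificates outside their validity period.
$now = Get-Date
$candidates | ForEach-Object {
    [pscustomobject]@{
        Thumbprint = $_.Thumbprint
        Subject    = $_.Subject
        NotAfter   = $_.NotAfter
        ValidNow   = ($_.NotBefore -le $now -and $_.NotAfter -ge $now)
    }
} | Format-Table -AutoSize | Out-Host

# With more than one certificate in the file, require an explicit choice so the
# value passed to /Thumbprint is one that was actually reviewed above.
$thumb = $candidates[0].Thumbprint
if ($candidates.Count -gt 1) {
    $thumb = (Read-Host 'Thumbprint to import').Replace(' ', '').ToUpperInvariant()
    if ($candidates.Thumbprint -notcontains $thumb) {
        throw "Thumbprint not found in file: $thumb"
    }
}

# CertWizard takes the password as a switch value, so convert it only at the call site.
$plainPw = [System.Net.NetworkCredential]::new('', $securePw).Password

# No /Useridentity switch: per the table above, the certificate is imported
# and set for all users. /Exportable false prevents re-export of the private key.
& $CertWizardPath /Privatekey $PfxPath /Filepassword $plainPw `
    /Thumbprint $thumb /Usage $Usage /Exportable false
```

Run it from an elevated session as a member of the BizTalk Server Administrators group, as required by the prerequisites above.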