共用方式為


Registering a Certificate

 

Applies To: Windows 10, Windows 7, Windows 8, Windows 8.1, Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2, Windows Server Technical Preview, Windows Vista

You must have a certificate registered in the directory service for the sender whenever you want Message Queuing to verify the sender of a message to which the certificate will be attached (by default, Message Queuing verifies who sent the message whenever an authenticated message is sent). Registering a certificate stores the public part of the certificate in the directory service under the applicable user object, thereby associating the certificate with the user's SID. Message Queuing provides two ways to register a certificate. Internal and external certificates can be registered programmatically, or they can be registered by way of Message Queuing in Control Panel for MSMQ 2.0 or in Computer Management for MSMQ 3.0.

Note

For MSMQ 1.0 applications, certificates must be registered manually by using the MS Message Queue applet in Control Panel.

To register a certificate using the MS Message Queue applet

  1. Using Control Panel, open the MS Message Queue applet.

  2. Click the Security tab.

  3. Click Register. Message Queuing creates an internal certificate locally when Register is clicked the first time MS Message Queue is run.

  4. Select a certificate from the list of available certificates. (This list includes the internal certificate and all external certificates that have been put into your personal store.)

  5. Click OK. The selected certificate is now registered in the directory service.

If there is already a registered certificate when you register a new certificate, the new certificate replaces the old certificate. However, only processes that start after you register a new certificate will use it. Conversely, processes that are already running and all messages waiting in queues will have been signed by the old (and obsolete) certificate. These messages will be rejected by the receiving computer because the old certificate is no longer available in the directory service.

More Information

For information on See
Registering a certificate using function calls MQRegisterCertificate
Registering a certificate using COM method calls MSMQApplication.RegisterCertificate
Using a security context structure When to Use a Security Context Structure
The process of authenticating messages How Message Queuing Authenticates Messages

Examples

For an example of See
Requesting authentication using an internal certificate C/C++ Code Example: Requesting Authentication Using an Internal Certificate Visual Basic Code Example: Requesting Authentication Using an Internal Certificate
Requesting authentication using an external certificate C/C++ Code Example: Requesting Authentication Using an External Certificate

 Visual Basic Code Example: Requesting Authentication Using an External Certificate
Validating authentication C/C++ Code Example: Validating Authentication

 Visual Basic Code Example: Validating Authentication