Registering a Certificate
Applies To: Windows 10, Windows 7, Windows 8, Windows 8.1, Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2, Windows Server Technical Preview, Windows Vista
You must have a certificate registered in the directory service for the sender whenever you want Message Queuing to verify the sender of a message to which the certificate will be attached (by default, Message Queuing verifies who sent the message whenever an authenticated message is sent). Registering a certificate stores the public part of the certificate in the directory service under the applicable user object, thereby associating the certificate with the user's SID. Message Queuing provides two ways to register a certificate. Internal and external certificates can be registered programmatically, or they can be registered by way of Message Queuing in Control Panel for MSMQ 2.0 or in Computer Management for MSMQ 3.0.
Note
For MSMQ 1.0 applications, certificates must be registered manually by using the MS Message Queue applet in Control Panel.
To register a certificate using the MS Message Queue applet
1. Using Control Panel, open the MS Message Queue applet.
2. Click the Security tab.
3. Click Register. Message Queuing creates an internal certificate locally when Register is clicked the first time MS Message Queue is run.
4. Select a certificate from the list of available certificates. (This list includes the internal certificate and all external certificates that have been put into your personal store.)
5. Click OK. The selected certificate is now registered in the directory service.
If there is already a registered certificate when you register a new certificate, the new certificate replaces the old certificate. However, only processes that start after you register the new certificate will use it. Processes that are already running continue to use the old (and now obsolete) certificate, and all messages waiting in queues have already been signed with it. These messages will be rejected by the receiving computer because the old certificate is no longer available in the directory service.
More Information
For information on | See |
---|---|
Registering a certificate using function calls | MQRegisterCertificate |
Registering a certificate using COM method calls | MSMQApplication.RegisterCertificate |
Using a security context structure | When to Use a Security Context Structure |
The process of authenticating messages | How Message Queuing Authenticates Messages |
Examples
For an example of | See |
---|---|
Requesting authentication using an internal certificate | C/C++ Code Example: Requesting Authentication Using an Internal Certificate; Visual Basic Code Example: Requesting Authentication Using an Internal Certificate |
Requesting authentication using an external certificate | C/C++ Code Example: Requesting Authentication Using an External Certificate; Visual Basic Code Example: Requesting Authentication Using an External Certificate |
Validating authentication | C/C++ Code Example: Validating Authentication; Visual Basic Code Example: Validating Authentication |