SSL Certificate for BizTalk WCF-WEB-HTTP Send port is not working

Hi All,

I have imported two certificates from the client and added them to the Personal store using the mmc.exe application.

I have created a new SendHost and SendHost instance and added my send port under this host instance.

On the send port, when I try to add this certificate, I am not able to see the certificate under it, and I get the error "No Certificate available. No Certificates meet the application criteria."

Does anyone know what this issue looks like?

Than

July 30th, 2015 6:40am

Hi Nitin,

You don't need to use a specific certificate in a Send Port to allow SSL. You only have to install the certificate and the related CA in the correct Certificate Store.

The easiest way to do it is installing the SSL certificate in the Other People store of the Local Machine and the related CA as a Trusted Root Certification authority.

Once the certificates are installed, the SSL is self negotiated when the communication is done with the target service.

Re

July 30th, 2015 7:20am

Hi ohawari,

Thanks for the help.

Can you please share the steps, how to do this step by step, or point me to some blog?

I have tried this a couple of times but no luck yet.

July 30th, 2015 7:25am

Hi,

The steps are the following:

  • Install the CA certificate in the Trusted Root Certification Authorities repository of the Local Machine store.
  • Install the certificate used for SSL communication in the Other People repository of the Local Machine store.
  • Configure the send port without using any certificate.

When the send port does the communication with the HTTPS endpoint, the certificate will be negotiated and it should work if the certificate matches the one you have installed.

Regards.

July 30th, 2015 7:35am
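The store placement described in the steps above, as an added PowerShell example that is not part of the original replies. The two file paths are placeholders (assumptions) for the client's CA certificate and its SSL certificate, public parts only; run it from an elevated prompt on the BizTalk server.

```powershell
# Placeholder paths (assumptions): replace with the files received from the client.
$caFile  = 'C:\certs\client-root-ca.cer'
$sslFile = 'C:\certs\client-ssl.cer'

# Both stores belong to the Local Machine, so the session must be elevated.
# 'Root' is Trusted Root Certification Authorities; 'AddressBook' is Other People.
$ca  = Import-Certificate -FilePath $caFile  -CertStoreLocation Cert:\LocalMachine\Root
$ssl = Import-Certificate -FilePath $sslFile -CertStoreLocation Cert:\LocalMachine\AddressBook

# Confirm each certificate is present in the intended store and show its expiry.
$placements = @(
    @{ Store = 'Root';        Cert = $ca  },
    @{ Store = 'AddressBook'; Cert = $ssl }
)
foreach ($p in $placements) {
    $path = "Cert:\LocalMachine\$($p.Store)\$($p.Cert.Thumbprint)"
    if (-not (Test-Path $path)) {
        throw "Not found in LocalMachine\$($p.Store): $($p.Cert.Subject)"
    }
    '{0,-12} {1} (expires {2:yyyy-MM-dd})' -f $p.Store, $p.Cert.Subject, $p.Cert.NotAfter
}

# Build the chain for the SSL certificate. A private issuer that is missing
# from the trusted stores shows up here as PartialChain or UntrustedRoot.
# Revocation checking is left at its default, so an unreachable CRL is
# reported too instead of being silently ignored.
$chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
if ($chain.Build($ssl)) {
    'Chain OK: ' + (($chain.ChainElements | ForEach-Object { $_.Certificate.Subject }) -join ' <- ')
} else {
    foreach ($status in $chain.ChainStatus) {
        Write-Warning ('{0}: {1}' -f $status.Status, $status.StatusInformation.Trim())
    }
}
```

Restart the BizTalk host instance afterwards so the send port's host process sees the updated stores.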

Hi Nitin,

Please follow the steps below to configure the SSL certificate for BizTalk:

Certificate Installation for BizTalk

  • Login on BizTalk server using BizTalk Server Host Instance
  • Open Certificate Manager using MMC command on Run
  • Select File menu > Add/Remove Snap-in (Ctrl+M)
  • Select Certificate from Available Snap-In and add it to Selected Snap-ins
  • In new window, import certificates for all appearing under Console Root

Best Practice to restart BizTalk Host Instance

Certificate Configuration

  • BizTalk Host Properties > Select Certificate
  • BizTalk Group Properties > Select Certificate

This gets you the certificate for the receive port and send port.

Common Issue

  • Certificate available on Host and Group, but not available at Send Port

Reason - You might not have configured the certificate in the Other People group under Local Computer.

Note:

The Current User/Personal/Certificates store is where certificates go for decrypting inbound messages. This store is account specific, so I'm using the account that the receiving host is running under. The store under Local Computer/Other People/Certificates is for public certificates used to sign outbound messages. The other people then have a corresponding private key to decrypt the inbound messages.

Thanks

July 30th, 2015 11:05am

Hi Nitin,

Importing a certificate can be done as the members below have mentioned. Also note that if the two certificates you have imported have a private issuer, then you would also need the issuer certificate in the certificate store.

I am no expert in certificates, but it is trickier when you have multiple levels of issuers and private keys involved.

Regards

K

July 31st, 2015 3:44am

This topic is archived. No further replies will be accepted.
