Article ID: 287670
Article Last Modified on 10/17/2003
APPLIES TO
- Microsoft BizTalk Server 2000 Standard Edition
This article was previously published under Q287670
SYMPTOMS
When you configure a channel, you can select a client certificate to use for a HTTPS transport in the Advanced Configuration dialog box. The certificate should have Client Authentication as its intended purpose. Both Microsoft Client Authentication certificates and Verisign Class 1 Digital IDs meet this requirement. However, in BizTalk Server 2000, you can only select an SSL Client Authentication certificate issued by Microsoft Certificate Server. Verisign Class 1 Digital IDs do not appear in the Client Certificates drop-down list on the BizTalk SendHTTPX Properties page.
CAUSE
BizTalk incorrectly filters out Verisign Class 1 Digital IDs.
RESOLUTION
To resolve this problem, obtain the latest service pack for Microsoft BizTalk Server 2000. For additional information, click the following article number to view the article in the Microsoft Knowledge Base:
299664 INFO: How to Obtain the Latest BizTalk Server 2000 Service Pack
STATUS
Microsoft has confirmed that this is a problem in the Microsoft products that are listed at the beginning of this article. This problem was first corrected in Microsoft BizTalk Server 2000 Service Pack 1.
MORE INFORMATION
On a related note, do not select private key protection when you request the certificate. Do not select the Check this box to protect your private key option when you apply for a Verisign Class 1 Digital ID. Do not select the Enable strong private key protection option when you request a Microsoft Certificate Server certificate. If this option is enabled, a dialog box appears every time the certificate is accessed. BizTalk Server does not handle this because it runs as a service instead of an interactive program.
Additional query words: SSL HTTPS certificate
Keywords: kbbug kbfix kbbiztalk2000sp1fix KB287670
