Outbound Message Protection

The following figure shows the security features in BizTalk Server that you use to protect outbound messages from being read by unauthorized parties.

Figure: Security features BizTalk uses to authenticate outbound messages.

When BizTalk Server 2004 sends a message, it takes the following steps to ensure that it sends the message securely, and that the receiving party can determine the message sender:

  1. If the send pipeline contains an encoding component (such as S/MIME) that is configured to sign all outbound messages, the signing certificate for the BizTalk group is retrieved from the personal certificate store for the host instance service account under which the pipeline is running, and the message is signed using the private key associated with the certificate.
  2. If the send pipeline contains an encoding component (such as S/MIME) that is configured to encrypt all outbound messages, the encryption certificate thumbprint is used to retrieve the public key certificate from the Other People certificate store, and the message is encrypted using that certificate.

Important: Although you use one signing certificate for all the send pipelines in your BizTalk environment, you must ensure that this signing certificate is available in the certificate store of the service account for each host instance of the hosts where the send pipelines are running.
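The following PowerShell check is an added example, not part of the original BizTalk documentation. It verifies the two certificate prerequisites described in the steps and the note above. The function name, the placeholder thumbprints, and the choice of the local computer's Other People store (system name AddressBook) are assumptions to adjust for your environment.

```powershell
# Added example. Run as the host instance service account: Cert:\CurrentUser
# resolves to the personal store of whoever runs the script.
function Test-PipelineCertificate {
    param(
        [Parameter(Mandatory)] [string] $Thumbprint,
        [Parameter(Mandatory)] [string] $StorePath,
        [switch] $RequirePrivateKey
    )
    # Thumbprints copied from the certificate dialog often carry spaces or
    # invisible characters; keep only the hex digits before comparing.
    $clean = ($Thumbprint -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()
    $cert  = Get-ChildItem -Path $StorePath |
             Where-Object { $_.Thumbprint -eq $clean } |
             Select-Object -First 1
    $now   = Get-Date
    $found = $null -ne $cert
    $valid = $found -and ($cert.NotBefore -le $now) -and ($cert.NotAfter -ge $now)
    $key   = $found -and $cert.HasPrivateKey
    [pscustomobject]@{
        Store         = $StorePath
        Thumbprint    = $clean
        Found         = $found
        ValidNow      = $valid
        HasPrivateKey = $key
        # Signing needs the private key; encryption needs only the public certificate.
        Ok            = $valid -and ($key -or -not $RequirePrivateKey)
    }
}

# Constructed placeholder thumbprints; replace with the signing certificate of
# the BizTalk group and the encryption certificate thumbprint used by the pipeline.
$signingThumbprint    = '0000000000000000000000000000000000000000'
$encryptionThumbprint = '1111111111111111111111111111111111111111'

$results = @(
    # Step 1: signing certificate in the service account's personal store.
    Test-PipelineCertificate -Thumbprint $signingThumbprint `
        -StorePath 'Cert:\CurrentUser\My' -RequirePrivateKey
    # Step 2: recipient certificate in the Other People store (assumed location).
    Test-PipelineCertificate -Thumbprint $encryptionThumbprint `
        -StorePath 'Cert:\LocalMachine\AddressBook'
)
$results | Format-Table -AutoSize
if ($results.Ok -contains $false) {
    Write-Warning 'At least one certificate is missing, expired, or lacks a private key.'
}
```

Repeat the check under the service account of every host instance that runs a send pipeline, because each account has its own personal store.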

See Also

Inbound Message Authentication

Authentication of Messages Between Processes

Authenticating the Sender of a Message

Authorizing the Receiver of a Message


Copyright © 2004 Microsoft Corporation.
All rights reserved.