APPENDIX: BizTalk Services Certificates Overview
Updated: November 27, 2015
In BizTalk Services, certificates are used in several areas:
Create a BizTalk Service using Azure management portal: A public certificate (.cer) is automatically created. You can download the certificate and install it on your test/development environment. In production, use a signed certificate; which can be uploaded it to your BizTalk Service in the Azure Management Portal.
Manage Partners and Profiles in Azure BizTalk Services: Can be a private certificate (.pfx) or a public certificate (.cer).
Certificates: Lists all the private (.pfx) and public (.cer) certificates added for agreements between partners.
AS2 Receive Settings (Create an AS2 Agreement in Azure BizTalk Services): A certificate is used for message signing and encryption. If the message is signed, a public certificate (.cer) is needed. If the message is encrypted, a private certificate (.pfx) and its password are needed.
AS2 Send Settings (Create an AS2 Agreement in Azure BizTalk Services): A certificate is used for message signing and encryption. If the message is signed, a private certificate (.pfx) and its password are needed. If the message is encrypted, a public certificate (.cer) is needed.
When you create a BizTalk Service in the Azure Management Portal, a public certificate is automatically created that is self-signed and should only be used in test/development environments. You can use this certificate to secure the BizTalk Adapter Service (BAS) runtime website. See Runtime Components: BizTalk Adapter Service for details on the website.
This section lists the steps to install the certificate into the Trusted Root Certification Authorities store on your computer:
In the Azure Management Portal, select your BizTalk Service, and select the Dashboard tab. In quick glance, download the SSL certificate.
Copy the certificate to your test/development machine with the Microsoft Azure BizTalk Services SDK installed. This is a public certificate (.cer).
On your test/development machine, double-click the .cer file. Select Install Certificate.
Select Place all certificates in the following store, select Browse, and select Trusted Root Certification Authorities.
Complete the installation. You’ll get a Security Warning; which is normal. Select Yes.
A certificate may also have a .p7b extension. In this scenario, import the .p7b certificate, and then export it to a .pfx or .cer format using the following steps.
To import a .p7b certificate
Open the Microsoft Management Console (MMC.exe): In the Run window, type mmc.exe.
In the MMC, go to the File menu, and select Add/Remove Snap-in.
In Available snap-ins, select Certificates, and select Add. Select My user account, Service account or Computer account. Choose any option. We are importing the .p7b certificate only so we can export it.
Expand Certificates and choose any folder. For example, select Personal. We are importing the .p7b certificate only so we can export it in a .cer or .pfx format.
Right-click the folder, select All Tasks, and select Import. The Certificate Import Wizard opens:
Browse to the .p7b certificate file. In the Open window, select All Files from the filter drop-down, and then select the .p7b certificate.
Select the Certificate store to put the .p7b certificate. For example, select Personal.
Expand the Certificate store folder. The imported .p7b certificate is now displayed in the Certificates folder.
Once imported, the .p7b certificate can now be exported to a .cer or .pfx format.
To export a .p7b certificate as .cer or .pfx
Right-click the imported .p7b certificate, select All Tasks, and select Export. The Certificate Import Wizard opens:
Select the .CER or .PFX option. To determine which option to choose, see Manage Partners and Profiles in Azure BizTalk Services or Create an AS2 Agreement in Azure BizTalk Services.
Browse to the path to store the exported certificate and enter a File name. select Save.
Select Next and then select Finish to close wizard.
The exported certificate resides in the folder you entered.
When a certificate is exported in the MMC, the original certificate remains in the certificate store.
Registering and Updating a BizTalk Service Deployment on the BizTalk Services Portal
Manage Partners and Profiles in Azure BizTalk Services
Create Agreements in Azure BizTalk Services
Manage your Resources in BizTalk Services portal
Tracking Messages in BizTalk Services portal
Configuring Agreements from a BizTalk perspective
Configuring EDI, AS2, and EDIFACT on BizTalk Services Portal