"The Signing Certificate has not been configured" error using certificates with EDI/AS2

Article translations Article translations
Close Close
Article ID: 971193 - View products that this article applies to.
Expand all | Collapse all

On This Page

Source: Microsoft Support

RAPID PUBLISHING

RAPID PUBLISHING ARTICLES PROVIDE INFORMATION DIRECTLY FROM WITHIN THE MICROSOFT SUPPORT ORGANIZATION. THE INFORMATION CONTAINED HEREIN IS CREATED IN RESPONSE TO EMERGING OR UNIQUE TOPICS, OR IS INTENDED SUPPLEMENT OTHER KNOWLEDGE BASE INFORMATION.

Symptom

When attempting to use a certificate for EDI/AS2 processing, you may get an error similar to the following:

Event ID:      8132
Level:         Error
Description:
A BTS MIME error was encountered when attempting to encode a message.  Error: The Signing Certificate has not been configured for AS2 party.  AS2-From: Value AS2-To: Value

Event ID:      5802
Level:         Error
Description:
There was a failure executing the response(send) pipeline: "Microsoft.BizTalk.EdiInt.DefaultPipelines.AS2Send, Microsoft.BizTalk.Edi.EdiIntPipelines, Version=3.0.1.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" Source: "AS2 encoder" Receive Port: "PortName" URI: "/HwsMessages/BTSHTTPReceive.dll?997" Reason: The Signing Certificate has not been configured for AS2 party.  AS2-From: Value AS2-To: Value

Event ID:      5815
Level:         Error
Description:
A response message sent to adapter "HTTP" on receive port "PortName" with URI "/HwsMessages/BTSHTTPReceive.dll? 997" is suspended.
 Error details: There was a failure executing the response(send) pipeline: "Microsoft.BizTalk.EdiInt.DefaultPipelines.AS2Send, Microsoft.BizTalk.Edi.EdiIntPipelines, Version=3.0.1.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" Source: "AS2 encoder" Receive Port: "PortName" URI: "/HwsMessages/BTSHTTPReceive.dll?997" Reason: The Signing Certificate has not been configured for AS2 party.  AS2-From: Value AS2-To: Value
MessageId:  {D8192426-7521-4BEF-946F-A0E3BDC4B06B} 
InstanceID: {41CADA06-0629-4B3C-847B-26C9F1B2B0D2}

Event Type:        Error
Event ID:              5754
Description:
A message sent to adapter "FILE" on send port "PortName" with URI "c:\temp\%MessageID%.txt" is suspended.
 Error details: There was a failure executing the send pipeline: "Microsoft.BizTalk.EdiInt.DefaultPipelines.AS2Send, Microsoft.BizTalk.Edi.EdiIntPipelines, Version=3.0.1.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" Source: "AS2 encoder" Send Port: "PortName" URI: " c:\temp\%MessageID%.txt" Reason: The Signing Certificate has not been configured for AS2 party.  AS2-From: Value AS2-To: Value
MessageId:  {62DC417E-6D42-4287-9E0C-282CEE358B8E} 
InstanceID: {272B0516-2964-480A-BAE1-091C5135AE62} 

Event Type:        Error
Event ID:              5720
Description:
There was a failure executing the send pipeline: "Microsoft.BizTalk.EdiInt.DefaultPipelines.AS2Send, Microsoft.BizTalk.Edi.EdiIntPipelines, Version=3.0.1.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" Source: "AS2 encoder" Send Port: "PortName" URI: "c:\temp\%MessageID%.txt" Reason: The Signing Certificate has not been configured for AS2 party.  AS2-From: Value AS2-To: Value

Cause

This can occur for the following reasons:
  • The certificate is not installed into the BizTalk host account’s personal store.
  • The certificate is not configured correctly in BizTalk Administration.
  • The BizTalk host account’s user profile is not loaded.
  • The BizTalk Group has been renamed in BizTalk Administration.

Resolution

Install the certificate into the Personal Store

There are three ways that a certificate can be installed into the BizTalk HOST account’s Personal store.  Use one of the following options:

Option 1

Log in to the BizTalk server as the BizTalk service account. Then, open the MMC, add the Certificates snap-in and import the certificate into the Certificate – Current User Personal store. This is probably the best option if you will be configuring a certificate for Signing, Encryption or Decryption in BizTalk Administration.

Note The MMC Certificates Snap-In Import Steps section below provides more specific steps.

Option 2

Open the MMC as the BizTalk service account using the RunAs feature. Steps:

1. Open a command window. 
2. Type: runas /user:BizTalkServiceAccount mmc
3. Hit Enter. 
4. Enter the password when prompted. 

Once in the MMC, add the Certificates snap-in and import the certificate into the Certificates – Current User Personal store. The MMC Certificates Snap-In Import Steps section below provides more specific steps. 

Option 3

The Certificate Wizard SDK Utility can be used to import the certificate into the BizTalk host account’s Personal store and configure the certificate in the BizTalk Group properties correctly.

For more information on Certificate Wizard SDK Utility, visit the following MSDN site:
http://msdn.microsoft.com/en-us/library/bb727929.aspx

Configure the certificate in BizTalk Administration

There are four places to configure certificates in BizTalk Administration:

·         BizTalk Group properties
·         Party properties
·         Send Port properties
·         Host properties

The appropriate certificate must be added to the appropriate certificate store and associated with the appropriate BizTalk artifact. The MSDN link below should be used to determine the following:

·         Which store the certificate should be imported
·         If a private certificate (.pfx) or a public certificate (.cer) is needed
·         Where in BizTalk Administration a certificate should be configured

Configuring Certificates for AS2
http://msdn.microsoft.com/en-us/library/bb728096.aspx

Load the BizTalk user profile

The Personal certificate store will be available for message processing only if the BizTalk host account’s user profile is loaded. For the in-process host instance, the user profile is loaded by default. For the isolated host instance, the user profile is not loaded by default.

There are two options to work-around this behavior:

1. Use the same account for the in-process host instance and the isolated host instance. 
2. Create an application to load the user profile for the isolated host. 

For information on the LoadUserProfile Function, visit the following MSDN site:
http://msdn.microsoft.com/en-us/library/bb762281(VS.85).aspx

Rename the BizTalk group back to the default

To work around this behavior, rename the BizTalk group back to the default value of BizTalk Group. To do this, follow these steps: 

1. Open BizTalk Administration.
2. Select the BizTalk group.
3. Right-click the BizTalk group and select Properties.
4. In General, change the Name property to BizTalk Group.
5. Cick OK.

More Information

Certificates used for the AS2 transport must have the attributes required for their intended use. For signing and signature verification, the Key Usage attribute of the certificate must be Digital Signature. For encryption and decryption, the Key Usage attribute of the certificate must be Data Encipherment or Key Encipherment. You can verify the Key Usage attribute by double-clicking the certificate, clicking the Details tab in the Certificate dialog box, and checking the Key Usage field. 

MMC Certificates Snap-In Import Steps 

1. In the MMC, go to the File menu and select Add/Remove Snap-in.
2. Add the Certificates snap-in and select My user account if prompted. Click OK.
3. Expand Certificates – Current User, right-click Personal, select All Tasks and then select Import.  
4. This opens the Certificate Import Wizard. Follow these steps:  

a) Click Next.
b) Browse to the .pfx file and click Open. Click Next.
c) If the certificate has a password, enter it. You can also check Mark this key as exportable if you want to back-up the certificate. Click Next
d) Confirm Personal is listed in Certificate store. Click Next
e) Click Finish.  The certificate should now be listed. 



DISCLAIMER

MICROSOFT AND/OR ITS SUPPLIERS MAKE NO REPRESENTATIONS OR WARRANTIES ABOUT THE SUITABILITY, RELIABILITY OR ACCURACY OF THE INFORMATION CONTAINED IN THE DOCUMENTS AND RELATED GRAPHICS PUBLISHED ON THIS WEBSITE (THE “MATERIALS”) FOR ANY PURPOSE. THE MATERIALS MAY INCLUDE TECHNICAL INACCURACIES OR TYPOGRAPHICAL ERRORS AND MAY BE REVISED AT ANY TIME WITHOUT NOTICE.

TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, MICROSOFT AND/OR ITS SUPPLIERS DISCLAIM AND EXCLUDE ALL REPRESENTATIONS, WARRANTIES, AND CONDITIONS WHETHER EXPRESS, IMPLIED OR STATUTORY, INCLUDING BUT NOT LIMITED TO REPRESENTATIONS, WARRANTIES, OR CONDITIONS OF TITLE, NON INFRINGEMENT, SATISFACTORY CONDITION OR QUALITY, MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE, WITH RESPECT TO THE MATERIALS.
Note This is a "FAST PUBLISH" article created directly from within the Microsoft support organization. The information contained herein is provided as-is in response to emerging issues. As a result of the speed in making it available, the materials may include typographical errors and may be revised at any time without notice. See Terms of Use for other considerations.

Properties

Article ID: 971193 - Last Review: February 23, 2011 - Revision: 2.0
APPLIES TO
  • Microsoft BizTalk Server Branch 2010
  • Microsoft BizTalk Server Developer 2010
  • Microsoft BizTalk Server Enterprise 2010
  • Microsoft BizTalk Server Standard 2010
  • Microsoft BizTalk Server 2009 Branch
  • Microsoft BizTalk Server 2009 Developer
  • Microsoft BizTalk Server 2009 Enterprise
  • Microsoft BizTalk Server 2009 Standard
  • Microsoft BizTalk Server 2006 R2 Branch Edition
  • Microsoft BizTalk Server 2006 R2 Developer Edition
  • Microsoft BizTalk Server 2006 R2 Enterprise Edition
  • Microsoft BizTalk Server 2006 R2 Standard Edition
Keywords: 
kbrapidpub kbnomt KB971193

Give Feedback

 

Contact us for more help

Contact us for more help
Connect with Answer Desk for expert help.
Get more support from smallbusiness.support.microsoft.com