FIX: Cannot Select a Verisign SSL Client Authentication Certificate (287670)
The information in this article applies to:
- Microsoft BizTalk Server 2000
This article was previously published under Q287670 SYMPTOMS
When you configure a channel, you can select a client certificate to use for a HTTPS transport in the Advanced Configuration dialog box. The certificate should have Client Authentication as its intended purpose. Both Microsoft Client Authentication certificates and Verisign Class 1 Digital IDs meet this requirement. However, in BizTalk Server 2000, you can only select an SSL Client Authentication certificate issued by Microsoft Certificate Server. Verisign Class 1 Digital IDs do not appear in the Client Certificates drop-down list on the BizTalk SendHTTPX Properties page.
CAUSE
BizTalk incorrectly filters out Verisign Class 1 Digital IDs.
RESOLUTIONTo resolve this problem, obtain the latest service pack for Microsoft BizTalk Server 2000. For additional information, click the following article number to view the article in the
Microsoft Knowledge Base:
299664 INFO: How to Obtain the Latest BizTalk Server 2000 Service Pack
STATUSMicrosoft has confirmed that this is a problem in the Microsoft products that are listed at the beginning of this article. This problem was first corrected in Microsoft BizTalk Server 2000 Service Pack 1.MORE INFORMATION
On a related note, do not select private key protection when you request the certificate. Do not select the Check this box to protect your private key option when you apply for a Verisign Class 1 Digital ID. Do not select the Enable strong private key protection option when you request a Microsoft Certificate Server certificate. If this option is enabled, a dialog box appears every time the certificate is accessed. BizTalk Server does not handle this because it runs as a service instead of an interactive program.
Modification Type: | Major | Last Reviewed: | 10/17/2003 |
---|
Keywords: | kbBizTalk2000SP1fix kbbug kbfix KB287670 |
---|
|