I'm trying to configure BizTalk Accelerator for RosettaNet 3.3 to handle
transactions over SSL where the remote system requires certificate-based
authentication.
The result of my efforts is the painfully descriptive error: "The remote
server returned an error: (400) Bad Request."
When using a non-secure URL for delivery (HTTP), the message seems to send
fine.
If I set up a standard send port configured to do HTTPS and send it a
message, it will work fine. So I'm pretty sure my keys are all in the right
places.
To outline a bit of what I have done:
1. Generated and installed my private cert in IIS6.
2. Used the certwizard.exe to install my private key, public key, the keys
of my CA (VeriSign), as well as the public key for the partner as well as
their CA.
3. On the agreement properties under ports, all ports point to the remote
computer's receiving application using https://......../ (this is
non-async).
4. Under the partner properties, I have selected their certificate as both
the signature and encryption keys.
5. Under process configuration settings for the agreement, I have set
Non-Repudiation Required, Is Authorization Required, Is secure Transport
Required, and Non-Repudiation of Origin and Content all to True.
6. I've tried with and without setting the SSL Certificate Thumbprint on
the .Async send port.
From what I can see from packet sniffing, as well as what the remote side
reports seeing, is that we're falling apart while setting up the SSL
connection. Basically, after we connect, the remote side presents their
certificate and then all communication stops.
If it makes any difference, the remote system is webMethods.
If I visit the remote side's receive URL via Internet Explorer, I get no
cert warning errors. Only the option to select which cert I'd like to
present for identification.
As I mentioned before, I can set up an HTTPS port to that same URL and have
it process without errors.
But I just can't seem to get BTARN/RNIFSend.aspx to make it all work.
Help!
Regards,
Alex

