FTPS - failed to load SSL certificate

#9500
Posted: 04/01/2009 12:05:08
by Richard Butterwood (Basic support level)
Joined: 03/31/2009
Posts: 3

I wish to connect to an FTPS site with an SSL certificate stored in the current user certificate store. The adapter is complaining that it is not a valid URI.

The values for the certificate are:
Certificate = <certificate name>
CertificatePassword = ""
CertificatePath = ""
CertificateSource = "System"

How do I tell it to load the certificate from the current user store?

[4/1/2009 10:30 AM] EldoS FTPS Adapter (transmit): __ctor()
[4/1/2009 10:30 AM] EldoS FTPS Adapter (transmit): TransmitMessage()
[4/1/2009 10:30 AM] EldoS FTPS Adapter (transmit): CreateProperties()
[4/1/2009 10:30 AM] EldoS FTPS Adapter (transmit): ProcessMessage()
[4/1/2009 10:30 AM] AdapterProperties::LoadFromMessageContext()
[4/1/2009 10:30 AM] EldoS FTPS Adapter: Loading certificates
[4/1/2009 10:30 AM] EldoS FTPS Adapter: Loading client certificate(s)
[4/1/2009 10:30 AM] Error: URI is not valid to load conditions.
#9501
Posted: 04/01/2009 22:35:58
by Ken Ivanov (EldoS Corp.)

The article explains the process of setting up system certificates in detail.

Please note that, depending on the rights given to the account under which the BizTalk Host Instance is running, BizTalk Server might be unable to access certificates stored in the "local machine" certificate store. Please also note that the "current user" store must correspond to the account under which the BizTalk Host Instance is running, i.e. you should run MMC under the appropriate user account when importing certificates to a system store.
#9527
Posted: 04/02/2009 11:21:47
by Richard Butterwood (Basic support level)
Joined: 03/31/2009
Posts: 3

Update - I figured it out. I had to install the certificate under the local account.


Thank you for the reply.

The BizTalk Host Instance is started under my account. This can be seen through "Log On As" in Windows services. The certificate is installed under:
Certificates - Current User -> Personal -> Certificates

I configured the adapter with (store="MY"). When I test the configuration it doesn't pick up any certificates. For the adapter to load the certificates, where do the certificates have to be stored?

[4/2/2009 10:30 AM] EldoS FTPS Adapter (transmit): __ctor()
[4/2/2009 10:30 AM] EldoS FTPS Adapter (transmit): TransmitMessage()
[4/2/2009 10:30 AM] EldoS FTPS Adapter (transmit): CreateProperties()
[4/2/2009 10:30 AM] EldoS FTPS Adapter (transmit): ProcessMessage()
[4/2/2009 10:30 AM] AdapterProperties::LoadFromMessageContext()
[4/2/2009 10:30 AM] EldoS FTPS Adapter: Loading certificates
[4/2/2009 10:30 AM] EldoS FTPS Adapter: Loading client certificate(s)
[4/2/2009 10:30 AM] EldoS FTPS Adapter: 0 certificates loaded
[4/2/2009 10:30 AM] EldoS FTPS Adapter: Loading trusted certificate(s)
[4/2/2009 10:30 AM] EldoS FTPS Adapter: 0 certificates loaded
[4/2/2009 10:30 AM] EldoS FTPS Adapter: Opening the connection
[4/2/2009 10:30 AM] EldoS FTPS Adapter: Optionally performing SSL/TLS negotiation and logging in
#9537
Posted: 04/02/2009 23:52:42
by Ken Ivanov (EldoS Corp.)

Quote
Update - I figured it out. I had to install the certificate under the local account.

Do I understand you right that the certificate is loaded correctly now?

Quote
For the adapter to load the certificates, where do the certificates have to be stored?

In most configurations one of the two following cases (or both of them) will work. The certificates should be stored either in
1) local machine store,
2) current user store corresponding to the account under which the BizTalk Host Instance process is running.

The second case is preferred for two reasons. First, no one except the BizTalk process is able to access such certificates (certificates stored under the local machine account can be available to other users). Second, depending on the permissions given to the BizTalk Host Instance user, the latter might be unable to access the certificates stored under the local machine account.
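
Added example, not part of the original thread and not EldoS code: a PowerShell check for the two store locations discussed above, reporting which account the script runs as, which account the host instance service logs on as, and whether a matching certificate with a private key is visible in each "My" store. The subject value and the service-name pattern are assumptions; replace them with your own.

```powershell
# Added diagnostic sketch. $Subject and $ServiceFilter are assumed values, not taken from the thread.
param(
    [string]$Subject = 'ftps-client.example',   # constructed sample; part of the certificate subject
    [string]$ServiceFilter = 'BTSSvc*'          # assumed name pattern of the host instance service
)

# "CurrentUser" below is the store of the account running this script, so run it
# as the same account the host instance service logs on as.
$me = [System.Security.Principal.WindowsIdentity]::GetCurrent().Name
Write-Host "Script is running as: $me"

# Show the "Log On As" account of each matching service for comparison.
Get-CimInstance Win32_Service |
    Where-Object { $_.Name -like $ServiceFilter } |
    ForEach-Object { Write-Host "Service $($_.Name) logs on as: $($_.StartName)" }

foreach ($location in 'CurrentUser', 'LocalMachine') {
    $store = New-Object System.Security.Cryptography.X509Certificates.X509Store('My', $location)
    try {
        $store.Open([System.Security.Cryptography.X509Certificates.OpenFlags]::ReadOnly)
        $hits = @($store.Certificates | Where-Object { $_.Subject -like "*$Subject*" })
        if ($hits.Count -eq 0) {
            Write-Host "$location\My: no certificate matching '$Subject'"
            continue
        }
        foreach ($cert in $hits) {
            # A client certificate without its private key cannot be used for TLS client authentication.
            Write-Host ("{0}\My: {1} thumbprint={2} hasPrivateKey={3} notAfter={4:u}" -f
                $location, $cert.Subject, $cert.Thumbprint, $cert.HasPrivateKey, $cert.NotAfter)
        }
    } catch {
        # Typically an access problem for the account running the script.
        Write-Host "$location\My: cannot open store ($($_.Exception.Message))"
    } finally {
        $store.Close()
    }
}
```

If the certificate shows up only when the script is run under a different account than the service's "Log On As" account, it was imported into the wrong user's store.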
