Our ssl certificate recently expired, so we were issued a new one by the CA. Unfortunately, when biztalk uses this certificate to access a server, the server rejects it, giving us a 403.17 error (Expired or not yet valid).
So I checked the dates of the certificate and it seems okay. But to really check if the certificate was working, we loaded it into IE7 and tried to access the server. Doing so works.
Biztalk looks at a hard-coded location for the certificate, but we've already replaced that file with the new one.
Any idea why when Biztalk tries to access the server, it gets rejected?
-
Maybe Biztalk has cached your certificate?
Anton : We checked that, and it wasn't caching it at all. -
We've found out the solution. The problem was access to the certificate and private key. When replacing the certificate, its not enough to install it. Why? Because it will only be installed under the current user.
Biztalk runs as a user: BizTalkSVC, and that account did not have permission to access the certificate.
Once it was granted permission, it ran like a charm!
0 comments:
Post a Comment