Re: 400 Bad Request Error



Paul,
Thanks for the reply,it does not look like the partner is using 2 different
certs,they are using just one for ssl and the same one is used for payload
encryption and digital signing.
I have that cert imported into my trusted people certificate store for the
biztalk service account.
I tried adding a client cert and without one and it is the same result.I do
not believe that the partner's server requires a client cert because i am
able to open the url on a browser w/o a client cert.
I have spent gargantuan proportion of time to resolve this issue.I dont know
what i am missing.I hope someone out there can help me.

Thanks
B

"Paul Somers" wrote:

When it comes to ssl reqeusts, there can be two certificates, some
organisations require you to sign the message with a certificate and then
use a SSL connection on a different certificate. I'd check for this.

Second check that the public certificate for the ssl service is in the cert
store, under the correct path. Importing it should put it in the right
place, sometimes you can put it somewhere else.


"bomb" <bharathram@xxxxxxxxx> wrote in message
news:6584732e-7a9f-4309-a910-843c9be2ce2a@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Guys,
I am using BTS 2006 and BizTalk Accelerator for RosettaNet 3.3, and i
am trying to receive a 0C1 Asynchronous Test Request from a partner.
Prologue:
We are using a https connection,the partner is able to send me a
signed and encrypted request through the ssl,
but when i send out a signal to the partner in response to this
request i get a 400 Bad Request Error.
when i pointed my send port to the partner's url insted of the
rnifsend.aspx page,
i got a ssl handshake error,
Error details: The underlying connection was closed: Could not
establish trust relationship for the SSL/TLS secure channel.
The partner's certificate is in the other people's store and the
certificate is also in the trusted certificate authority store.

When this happened i tried to open the url in a browser and found that
the certificate was issued to a differerent url and there was a
warning.
So i requested the client to create a new cert for the current url
Even on changing the cert,i am getting the same 400 bad request
error.I am pretty sure that this has to do with the certificates.
I would greatly appreciate if anybody can help me resolve this issue.




.



Relevant Pages

  • Re: 400 Bad Request Error
    ... Thanks for the reply,it does not look like the partner is using 2 different ... I have that cert imported into my trusted people certificate store for the ... I tried adding a client cert and without one and it is the same result.I do ... use a SSL connection on a different certificate. ...
    (microsoft.public.biztalk.server)
  • Re: Problem processing SSL certificate response.
    ... "Download SSL Diagnostics 1.1 from Microsoft.com and use it to diagnose ... Note that I am able to work around this by requesting/processing a request ... transfering the generated PFX into the certificate store on the IIS machine. ...
    (microsoft.public.inetserver.iis.security)
  • Re: Problem processing SSL certificate response.
    ... "Download SSL Diagnostics 1.1 from Microsoft.com and use it to diagnose ... I know why SSL isn't working: there isn't a private key. ... Note that I am able to work around this by requesting/processing a request ... transfering the generated PFX into the certificate store on the IIS machine. ...
    (microsoft.public.inetserver.iis.security)
  • Re: 400 Bad Request Error
    ... Thanks for the reply,it does not look like the partner is using 2 different ... I have that cert imported into my trusted people certificate store for the ... I tried adding a client cert and without one and it is the same result.I do ... use a SSL connection on a different certificate. ...
    (microsoft.public.biztalk.server)
  • Re: SSL & "All Unassigned"
    ... The SSL requires a specific IP, ... > - Was the Web server certificate part of an export or import process? ... > request to the Web server certificate issuer (that is, ...
    (microsoft.public.inetserver.iis.security)