Whenever our POP3 Receive Location read a signed mail, it throwed the following exception and suspended the instance:
A message received by adapter "POP3" on receive location "yyy" with URI "POP3://yyy#yyy\yyy" is suspended.
Error details: There was an authentication failure. "The status of the certificate authority that issued the certificate used to sign the message is unknown.".
The reason behind was, that the certificate was found, but the Certificate Revocation List (CRL) from the Internet could not be opened, because the server had no Internet access. Since the CRL is saved in public available CRL files, we only had to open the firewall for these types of files, and BizTalk could accept the mails.
3 comments:
Add CRLs in Intermediate Certification Authorities -> Certficate Revocation List Store if Server does not have any internet connections. Be sure to include the Certification Authority (CA) in Trusted Root CA
Certificate CRLs should be added in Intermediate Certification Authorities -> Certficate Revocation List Store if Server does not have any internet connections. Be sure to include the Certification Authority (CA) in Trusted Root CA
Thanks for your comment, Edgardo. Storing the CRL in the CRL Store sounds like a good idea. How do you easily update all these CRLs from time to time without Internet connection?
Post a Comment