How to make RNIFSend of BizTalk RosettaNet Accelerator work with self-signed certificates

%3CLINGO-SUB%20id%3D%22lingo-sub-1297751%22%20slang%3D%22en-US%22%3EHow%20to%20make%20RNIFSend%20of%20BizTalk%20RosettaNet%20Accelerator%20work%20with%20self-signed%20certificates%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1297751%22%20slang%3D%22en-US%22%3E%3CP%3EIf%20self-signed%20certificates%20are%20used%20with%20RosettaNet%20web%20application%20(i.e%3A%20RNIFSend%20and%20RNIFReceive)%2C%20then%20you%20may%20keep%20getting%20the%20following%20400%20bad%20requests%20due%20to%20SSL%20failure.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CFONT%20size%3D%222%22%3EEvent%20Type%3A%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20Error%3C%2FFONT%3E%3C%2FP%3E%0A%3CP%3E%3CFONT%20size%3D%222%22%3EEvent%20Source%3A%26nbsp%3B%26nbsp%3B%26nbsp%3B%20BizTalk%20Server%3C%2FFONT%3E%3C%2FP%3E%0A%3CP%3E%3CFONT%20size%3D%222%22%3EEvent%20Category%3A%20(1)%3C%2FFONT%3E%3C%2FP%3E%0A%3CP%3E%3CFONT%20size%3D%222%22%3EEvent%20ID%3A%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%205754%3C%2FFONT%3E%3C%2FP%3E%0A%3CP%3E%3CFONT%20size%3D%222%22%3EDate%3A%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%203%2F31%2F2020%3C%2FFONT%3E%3C%2FP%3E%0A%3CP%3E%3CFONT%20size%3D%222%22%3ETime%3A%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%2012%3A39%3A11%20AM%3C%2FFONT%3E%3C%2FP%3E%0A%3CP%3E%3CFONT%20size%3D%222%22%3EUser%3A%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20N%2FA%3C%2FFONT%3E%3C%2FP%3E%0A%3CP%3E%3CFONT%20size%3D%222%22%3EComputer%3A%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20wjzhan779VM%3C%2FFONT%3E%3C%2FP%3E%0A%3CP%3E%3CFONT%20size%3D%222%22%3EDescription%3A%3C%2FFONT%3E%3C%2FP%3E%0A%3CP%3E%3CFONT%20size%3D%222%22%3EA%20message%20sent%20to%20adapter%20%22HTTP%22%20on%20send%20port%20%22WENZHE2020.Async%22%20with%20URI%20%22%3CA%20href%3D%22http%3A%2F%2Flocalhost%2FBTARNApp%2FRNIFSend.aspx%3FTPUrl%3Dhttps%2525%253a%2525%252f%2525%252fwenbim373vm%2525%252fBTARNApp%2525%252fRNIFReceive.aspx%26amp%3BxRNVersion%3DRosettaNet%2525%252fV02.00%26amp%3BxRNResponseType%3Dasync%22%20target%3D%22_blank%22%20rel%3D%22noopener%20nofollow%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttp%3A%2F%2Flocalhost%2FBTARNApp%2FRNIFSend.aspx%3FTPUrl%3Dhttps%25%253a%25%252f%25%252fwenbim373vm%25%252fBTARNApp%25%252fRNIFReceive.aspx%26amp%3BxRNVersion%3DRosettaNet%25%252fV02.00%26amp%3BxRNResponseType%3Dasync%3C%2FA%3E%22%20is%20suspended.%3C%2FFONT%3E%3C%2FP%3E%0A%3CP%3E%3CFONT%20size%3D%222%22%3E%26nbsp%3BError%20details%3A%20The%20remote%20server%20returned%20an%20error%3A%20(400)%20Bad%20Request.%3C%2FFONT%3E%3C%2FP%3E%0A%3CP%3E%3CFONT%20size%3D%222%22%3E%26nbsp%3BMessageId%3A%26nbsp%3B%20%7BC5F206DB-1CFD-4152-9291-C95FAA364464%7D%3C%2FFONT%3E%3C%2FP%3E%0A%3CP%3E%3CFONT%20size%3D%222%22%3EInstanceID%3A%20%7BDB2A8C6E-1154-4819-A117-A2FC92EFD30A%7D%3C%2FFONT%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CFONT%20size%3D%222%22%3EFor%20more%20information%2C%20see%20Help%20and%20Support%20Center%20at%20%3CA%20href%3D%22http%3A%2F%2Fgo.microsoft.com%2Ffwlink%2Fevents.asp%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttp%3A%2F%2Fgo.microsoft.com%2Ffwlink%2Fevents.asp%3C%2FA%3E.%3C%2FFONT%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EHowever%20you%20verified%20all%20SSL%20related%20certs%20and%20config%20are%20correct%3A%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CUL%3E%0A%3CLI%3EAll%20Cert%20trust%20relationship%20looks%20good.%3C%2FLI%3E%0A%3CLI%3EBrowser%20access%20to%20both%20SSL%20sites%20are%20fine.%3C%2FLI%3E%0A%3CLI%3ENo%20certificate%20chain%20verification%20errors%20in%20CAPI2%20log.%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EThe%20root%20cause%20is%20actually%20inside%20the%20logic%20of%20the%20following%20function%20of%20RNIFSend%20web%20page%20while%20handling%20self-signed%20certificates.%26nbsp%3BIt%20only%20adds%20parent%20CA%20certificates%20into%20chainThumbprints%20which%20leads%20to%20this%20list%20always%20be%20empty%20since%20we%20directly%20adds%20self-signed%20public%20cert%20into%20trust%20root%20store.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CFONT%20size%3D%222%22%3E%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20private%20bool%20AcceptSSLCertificate(Object%20sender%2C%3C%2FFONT%3E%3C%2FP%3E%0A%3CP%3E%3CFONT%20size%3D%222%22%3E%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20X509Certificate%20certificate%2C%3C%2FFONT%3E%3C%2FP%3E%0A%3CP%3E%3CFONT%20size%3D%222%22%3E%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20%26nbsp%3BX509Chain%20certificateChain%2C%3C%2FFONT%3E%3C%2FP%3E%0A%3CP%3E%3CFONT%20size%3D%222%22%3E%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20System.Net.Security.SslPolicyErrors%20sslPolicyErrors)%3C%2FFONT%3E%3C%2FP%3E%0A%3CP%3E%3CFONT%20size%3D%222%22%3E%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20%7B%3C%2FFONT%3E%3C%2FP%3E%0A%3CP%3E%3CFONT%20size%3D%222%22%3E%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20Boolean%20isCertFound%20%3D%20false%3B%3C%2FFONT%3E%3C%2FP%3E%0A%3CP%3E%3CFONT%20size%3D%222%22%3E%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20List%3CSTRING%3E%20chainThumbprints%20%3D%20new%20List%3CSTRING%3E()%3B%3C%2FSTRING%3E%3C%2FSTRING%3E%3C%2FFONT%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CFONT%20size%3D%222%22%3E%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20foreach%20(X509ChainElement%20element%20in%20certificateChain.ChainElements)%3C%2FFONT%3E%3C%2FP%3E%0A%3CP%3E%3CFONT%20size%3D%222%22%3E%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20%7B%3C%2FFONT%3E%3C%2FP%3E%0A%3CP%3E%3CFONT%20size%3D%222%22%3E%26nbsp%3B%3CSTRONG%3E%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20if%20(element.Certificate.Thumbprint%20!%3D%20certificate.GetCertHashString())%3C%2FSTRONG%3E%3C%2FFONT%3E%3C%2FP%3E%0A%3CP%3E%3CFONT%20size%3D%222%22%3E%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20%7B%3C%2FFONT%3E%3C%2FP%3E%0A%3CP%3E%3CFONT%20size%3D%222%22%3E%3CSTRONG%3E%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20chainThumbprints.Add(element.Certificate.Thumbprint)%3B%3C%2FSTRONG%3E%3C%2FFONT%3E%3C%2FP%3E%0A%3CP%3E%3CFONT%20size%3D%222%22%3E%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20%7D%3C%2FFONT%3E%3C%2FP%3E%0A%3CP%3E%3CFONT%20size%3D%222%22%3E%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20%26nbsp%3B%26nbsp%3B%7D%3C%2FFONT%3E%3C%2FP%3E%0A%3CP%3E%3CFONT%20size%3D%222%22%3E%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%3C%2FFONT%3E%3C%2FP%3E%0A%3CP%3E%3CFONT%20size%3D%222%22%3E%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3BX509Store%20trustedRootStore%20%3D%20new%20X509Store(StoreName.Root%2C%20StoreLocation.LocalMachine)%3B%3C%2FFONT%3E%3C%2FP%3E%0A%3CP%3E%3CFONT%20size%3D%222%22%3E%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20trustedRootStore.Open(OpenFlags.OpenExistingOnly%20%7C%20OpenFlags.ReadOnly)%3B%3C%2FFONT%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CFONT%20size%3D%222%22%3E%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20X509Certificate2Collection%20storecollection%20%3D%20(X509Certificate2Collection)trustedRootStore.Certificates%3B%3C%2FFONT%3E%3C%2FP%3E%0A%3CP%3E%3CFONT%20size%3D%222%22%3E%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20foreach%20(X509Certificate2%20x509%20in%20storecollection)%3C%2FFONT%3E%3C%2FP%3E%0A%3CP%3E%3CFONT%20size%3D%222%22%3E%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20%7B%3C%2FFONT%3E%3C%2FP%3E%0A%3CP%3E%3CFONT%20size%3D%222%22%3E%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20if%20(chainThumbprints.Contains(x509.Thumbprint))%3C%2FFONT%3E%3C%2FP%3E%0A%3CP%3E%3CFONT%20size%3D%222%22%3E%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20%7B%3C%2FFONT%3E%3C%2FP%3E%0A%3CP%3E%3CFONT%20size%3D%222%22%3E%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20isCertFound%20%3D%20true%3B%3C%2FFONT%3E%3C%2FP%3E%0A%3CP%3E%3CFONT%20size%3D%222%22%3E%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20break%3B%3C%2FFONT%3E%3C%2FP%3E%0A%3CP%3E%3CFONT%20size%3D%222%22%3E%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20%7D%3C%2FFONT%3E%3C%2FP%3E%0A%3CP%3E%3CFONT%20size%3D%222%22%3E%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20%7D%3C%2FFONT%3E%3C%2FP%3E%0A%3CP%3E%3CFONT%20size%3D%222%22%3E%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%3C%2FFONT%3E%3C%2FP%3E%0A%3CP%3E%3CFONT%20size%3D%222%22%3E%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3Breturn%20isCertFound%3B%3C%2FFONT%3E%3C%2FP%3E%0A%3CP%3E%3CFONT%20size%3D%222%22%3E%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20%7D%3C%2FFONT%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3ESo%20the%20solution%20is%20to%20build%20a%20custom%20Microsoft.Solutions.BTARN.RNIFSend.dll%20from%20SDK%20sample%20and%20comment%20that%20if%20statement.%20Then%20deployed%20this%20customized%20RNIFSend%20to%20IIS%20to%20perform%20data%20sending.%3C%2FP%3E%0A%3CDIV%20id%3D%22tinyMceEditorWenJun_Zhang_4%22%20class%3D%22mceNonEditable%20lia-copypaste-placeholder%22%3E%26nbsp%3B%3C%2FDIV%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CPRE%20class%3D%22lia-code-sample%20language-csharp%22%3E%3CCODE%3E%20%20private%20bool%20AcceptSSLCertificate(Object%20sender%2C%0A%20%20%20%20%20%20%20%20%20%20%20%20X509Certificate%20certificate%2C%0A%20%20%20%20%20%20%20%20%20%20%20%20X509Chain%20certificateChain%2C%0A%20%20%20%20%20%20%20%20%20%20%20%20System.Net.Security.SslPolicyErrors%20sslPolicyErrors)%0A%20%20%20%20%20%20%20%20%7B%0A%20%20%20%20%20%20%20%20%20%20%20%20Boolean%20isCertFound%20%3D%20false%3B%0A%20%20%20%20%20%20%20%20%20%20%20%20List%3CSTRING%3E%20chainThumbprints%20%3D%20new%20List%3CSTRING%3E()%3B%0A%0A%20%20%20%20%20%20%20%20%20%20%20%20foreach%20(X509ChainElement%20element%20in%20certificateChain.ChainElements)%0A%20%20%20%20%20%20%20%20%20%20%20%20%7B%0A%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%2F%2Fif%20(element.Certificate.Thumbprint%20!%3D%20certificate.GetCertHashString())%0A%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%7B%0A%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20chainThumbprints.Add(element.Certificate.Thumbprint)%3B%0A%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%7D%0A%20%20%20%20%20%20%20%20%20%20%20%20%7D%0A%20%20%20%20%20%20%20%20%20%20%20%20%0A%20%20%20%20%20%20%20%20%20%20%20%20X509Store%20trustedRootStore%20%3D%20new%20X509Store(StoreName.Root%2C%20StoreLocation.LocalMachine)%3B%0A%20%20%20%20%20%20%20%20%20%20%20%20trustedRootStore.Open(OpenFlags.OpenExistingOnly%20%7C%20OpenFlags.ReadOnly)%3B%0A%0A%20%20%20%20%20%20%20%20%20%20%20%20X509Certificate2Collection%20storecollection%20%3D%20(X509Certificate2Collection)trustedRootStore.Certificates%3B%0A%20%20%20%20%20%20%20%20%20%20%20%20foreach%20(X509Certificate2%20x509%20in%20storecollection)%0A%20%20%20%20%20%20%20%20%20%20%20%20%7B%0A%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20if%20(chainThumbprints.Contains(x509.Thumbprint))%0A%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%7B%0A%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20isCertFound%20%3D%20true%3B%0A%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20break%3B%0A%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%7D%0A%20%20%20%20%20%20%20%20%20%20%20%20%7D%0A%20%20%20%20%20%20%20%20%20%20%20%20%0A%20%20%20%20%20%20%20%20%20%20%20%20return%20isCertFound%3B%0A%20%20%20%20%20%20%20%20%7D%3C%2FSTRING%3E%3C%2FSTRING%3E%3C%2FCODE%3E%3C%2FPRE%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EThis%20custom%20RNIFSend%20page%20will%20be%20able%20to%20work%20well%20with%20self-signed%20certificates.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E
Highlighted
Microsoft

If self-signed certificates are used with RosettaNet web application (i.e: RNIFSend and RNIFReceive), then you may keep getting the following 400 bad requests due to SSL failure.

 

Event Type:        Error

Event Source:    BizTalk Server

Event Category: (1)

Event ID:              5754

Date:                     3/31/2020

Time:                     12:39:11 AM

User:                     N/A

Computer:          wjzhan779VM

Description:

A message sent to adapter "HTTP" on send port "WENZHE2020.Async" with URI "http://localhost/BTARNApp/RNIFSend.aspx?TPUrl=https%%3a%%2f%%2fwenbim373vm%%2fBTARNApp%%2fRNIFReceiv..." is suspended.

 Error details: The remote server returned an error: (400) Bad Request.

 MessageId:  {C5F206DB-1CFD-4152-9291-C95FAA364464}

InstanceID: {DB2A8C6E-1154-4819-A117-A2FC92EFD30A}

 

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

 

However you verified all SSL related certs and config are correct:

 

  • All Cert trust relationship looks good.
  • Browser access to both SSL sites are fine.
  • No certificate chain verification errors in CAPI2 log.

 

The root cause is actually inside the logic of the following function of RNIFSend web page while handling self-signed certificates. It only adds parent CA certificates into chainThumbprints which leads to this list always be empty since we directly adds self-signed public cert into trust root store.

 

        private bool AcceptSSLCertificate(Object sender,

            X509Certificate certificate,

            X509Chain certificateChain,

            System.Net.Security.SslPolicyErrors sslPolicyErrors)

        {

            Boolean isCertFound = false;

            List<string> chainThumbprints = new List<string>();

 

            foreach (X509ChainElement element in certificateChain.ChainElements)

            {

                if (element.Certificate.Thumbprint != certificate.GetCertHashString())

                {

                    chainThumbprints.Add(element.Certificate.Thumbprint);

                }

            }

           

            X509Store trustedRootStore = new X509Store(StoreName.Root, StoreLocation.LocalMachine);

            trustedRootStore.Open(OpenFlags.OpenExistingOnly | OpenFlags.ReadOnly);

 

            X509Certificate2Collection storecollection = (X509Certificate2Collection)trustedRootStore.Certificates;

            foreach (X509Certificate2 x509 in storecollection)

            {

                if (chainThumbprints.Contains(x509.Thumbprint))

                {

                    isCertFound = true;

                    break;

                }

            }

           

            return isCertFound;

        }

 

So the solution is to build a custom Microsoft.Solutions.BTARN.RNIFSend.dll from SDK sample and comment that if statement. Then deployed this customized RNIFSend to IIS to perform data sending.

 

 

 

 

  private bool AcceptSSLCertificate(Object sender,
            X509Certificate certificate,
            X509Chain certificateChain,
            System.Net.Security.SslPolicyErrors sslPolicyErrors)
        {
            Boolean isCertFound = false;
            List<string> chainThumbprints = new List<string>();

            foreach (X509ChainElement element in certificateChain.ChainElements)
            {
                //if (element.Certificate.Thumbprint != certificate.GetCertHashString())
                {
                    chainThumbprints.Add(element.Certificate.Thumbprint);
                }
            }
            
            X509Store trustedRootStore = new X509Store(StoreName.Root, StoreLocation.LocalMachine);
            trustedRootStore.Open(OpenFlags.OpenExistingOnly | OpenFlags.ReadOnly);

            X509Certificate2Collection storecollection = (X509Certificate2Collection)trustedRootStore.Certificates;
            foreach (X509Certificate2 x509 in storecollection)
            {
                if (chainThumbprints.Contains(x509.Thumbprint))
                {
                    isCertFound = true;
                    break;
                }
            }
            
            return isCertFound;
        }

 

 

 

This custom RNIFSend page will be able to work well with self-signed certificates.

 

0 Replies