
Can anyone tell me how to disable certificate revocation list validation in BizTalk?

Here is the scenario:

I have configured a BizTalk 2020 native FTP receive port that communicates with a client via FTPS Implicit mode. When the port is connecting to the FTPS server I get the error "The certificate is revoked". I want BizTalk or the port to ignore this certificate and not validate it, so how do I configure the BizTalk 2020 FTP port to ignore certificate validation?

I have checked this list without any help: Known Issues with Certificates in BizTalk Server

I have also tried to add a config setting in the BizTalk server config without luck!

Dijkgraaf
Balatharan
  • I don't think you can, this is happening in the .Net layer. Is the certificate actually revoked? Can you update the certificate on the FTPS server? – Dijkgraaf Sep 30 '20 at 22:07
  • Hi, it's an FTPS server from one of our partners and the certificate is revoked because it's expired. The customer tells us to not validate the certificate. – Balatharan Oct 01 '20 at 04:43
  • Something to think about: I think you should advise your employer that they should reconsider doing business with a company unwilling to secure their internet exposed end points. This is an example of how companies are breached and can have a lot of damage done. – Marvin Smit Oct 01 '20 at 09:22

1 Answer


Although not recommended outside testing and development scenarios, you can disable the revocation-check through .NET's System.Net.ServicePoint class using the static ServicePointManager class.

You can configure this in BizTalk's host-process application config file (BtsNtSvc.exe.config) with the downside that it would affect all 32-bit host-instances in this case.

<system.net>
  <settings>
    <servicePointManager checkCertificateRevocationList="false" />
  </settings>
</system.net> 

An alternative, and probably better, approach would be to create a BizTalk pipeline-component using something like this:

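public IBaseMessage Execute(IPipelineContext pContext, IBaseMessage pInMsg)
{
    // Static setting: once set, it applies to the whole AppDomain,
    // not only to the message passing through this component.
    System.Net.ServicePointManager.CheckCertificateRevocationList = false;
    return pInMsg;
}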
magnus
  • Hello Magnus, thanks for your answer. I have tried the config way with no luck. But the pipeline way sounds interesting. Can you tell me how I implement this for Microsoft's FTP receive port and send port? I'm more interested in how to do this for the FTP receive port. Is this a decoder? But is the pipeline called after the FTP port has done the connect? Because I get this error when I do the authentication to the FTP server! Thanks. – Balatharan Oct 08 '20 at 19:14
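
The comments above leave open whether the partner's certificate is actually revoked or only expired; that can be checked directly before any BizTalk setting is changed. The following C# console program is an added example, not code from the answer or from BizTalk; the host name is a placeholder and port 990 is assumed as the usual implicit-FTPS port.

```csharp
using System;
using System.Net.Security;
using System.Net.Sockets;
using System.Security.Authentication;
using System.Security.Cryptography.X509Certificates;

static class FtpsCertCheck
{
    const string Host = "ftps.partner.example"; // placeholder host (assumption)
    const int Port = 990;                       // usual implicit-FTPS port (assumption)

    static void Main()
    {
        try
        {
            using (var tcp = new TcpClient(Host, Port))
            using (var ssl = new SslStream(tcp.GetStream(), false, Inspect))
                ssl.AuthenticateAsClient(Host); // implicit FTPS: TLS starts before any FTP command
        }
        catch (AuthenticationException ex)
        {
            Console.WriteLine("Handshake rejected: " + ex.Message);
        }
    }

    // Reports why validation fails; it never overrides the verdict.
    static bool Inspect(object sender, X509Certificate cert, X509Chain sent, SslPolicyErrors errors)
    {
        if (cert == null) return false;
        var leaf = new X509Certificate2(cert);
        Console.WriteLine("Subject: " + leaf.Subject);
        Console.WriteLine("Valid:   " + leaf.NotBefore + " to " + leaf.NotAfter);
        Console.WriteLine("Policy errors: " + errors);
        using (var chain = new X509Chain())
        {
            chain.ChainPolicy.RevocationMode = X509RevocationMode.Online;
            chain.ChainPolicy.RevocationFlag = X509RevocationFlag.EntireChain;
            if (sent != null) // reuse intermediates the server sent
                foreach (X509ChainElement e in sent.ChainElements)
                    chain.ChainPolicy.ExtraStore.Add(e.Certificate);
            Console.WriteLine("Chain valid with online revocation: " + chain.Build(leaf));
            // Revoked, NotTimeValid and RevocationStatusUnknown are distinct findings.
            foreach (X509ChainStatus s in chain.ChainStatus)
                Console.WriteLine("  " + s.Status + ": " + s.StatusInformation.Trim());
        }
        return errors == SslPolicyErrors.None;
    }
}
```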