BizTalk, Certificates and PowerShell.

  • Sandro Pereira
  • Oct 11, 2010

About a month ago, we had a problem migrating an old BizTalk application from the development environment to the quality environment. This application signs the incoming messages using the certificate installed on the machine and stores the signature in a record in the body of the message; all of this happens in the receive pipeline. The certificate is loaded by its thumbprint.

When we attempted to test the application, we got the following error:

“Cannot find a local machine certificate with the thumbprint: 5693ae76acfe33325bd6e1f05f38a9941892cb69 cannot be found.”

Because this was an old application and lacked documentation, our problem was finding out which certificate this was and where it was installed.

📝 One-Minute Brief

Managing certificates for BizTalk encryption and signing is often a manual, error-prone task. This post demonstrates how to leverage PowerShell to interact with the Windows Certificate Store directly. By using the Cert: drive provider, you can easily list, find, and validate certificates required for BizTalk Host Instances and pipelines, enabling faster troubleshooting and automated environment setup.

Using MMC (Microsoft Management Console), we can see all the certificates installed on the machine, but we cannot search by thumbprint!!! 🙁

So I asked my friend José António Silva to show me the power of PowerShell to solve my annoying problem:

Solution 1

gci cert:\* -Recurse | ?{$_.Thumbprint -eq "5693ae76acfe33325bd6e1f05f38a9941892cb69"} | select Subject, PSPath

The result will be something like this:

Subject                       PSPath
-------                       ------
O="… S A ", C=PT, CN=… SA     Microsoft.PowerShell.Security\Certificate::CurrentUser\R…
O="… S A ", C=PT, CN=… SA     Microsoft.PowerShell.Security\Certificate::LocalMachine\…
O="… S A ", C=PT, CN=… SA     Microsoft.PowerShell.Security\Certificate::LocalMachine\…

Solution 2

gci cert:\* -Recurse | ?{$_.Thumbprint -eq "5693ae76acfe33325bd6e1f05f38a9941892cb69"} | select PSParentPath

Where this time the result will be a little simpler:

PSParentPath
------------
Microsoft.PowerShell.Security\Certificate::CurrentUser\Root
Microsoft.PowerShell.Security\Certificate::LocalMachine\My
Microsoft.PowerShell.Security\Certificate::LocalMachine\Root

So now I know where the certificate is installed, and which certificate I should install in the quality environment.
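
The same lookup as a reusable function, added here as an example (it is not the script from this post or its GitHub download): it strips spaces and hidden characters from a pasted thumbprint and, for each match, reports the store, whether a private key is present (required for signing), and whether the certificate is currently valid. The function name and output columns are assumptions, and it needs PowerShell 3.0 or later.

```powershell
# Added example, not the post's script. The function name and the output
# columns are assumptions chosen for illustration.
function Find-CertificateByThumbprint {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)]
        [string]$Thumbprint
    )

    # Thumbprints copied from the MMC details pane often carry spaces or an
    # invisible leading character; keep only the hex digits before comparing.
    $clean = ($Thumbprint -replace '[^0-9a-fA-F]', '').ToUpperInvariant()
    if ($clean.Length -ne 40) {
        throw "Expected a 40-hex-digit SHA-1 thumbprint, got $($clean.Length) digits."
    }

    $now = Get-Date
    Get-ChildItem -Path Cert:\ -Recurse -ErrorAction SilentlyContinue |
        Where-Object {
            # The recursion also returns store objects; keep certificates only.
            $_ -is [System.Security.Cryptography.X509Certificates.X509Certificate2] -and
            $_.Thumbprint -eq $clean
        } |
        ForEach-Object {
            # PSParentPath looks like ...\Certificate::LocalMachine\My
            $location, $store = ($_.PSParentPath -replace '^.*::', '') -split '\\', 2
            [pscustomobject]@{
                Location      = $location
                Store         = $store
                Subject       = $_.Subject
                HasPrivateKey = $_.HasPrivateKey   # a signing certificate needs its private key
                NotAfter      = $_.NotAfter
                ValidNow      = ($now -ge $_.NotBefore -and $now -le $_.NotAfter)
            }
        }
}

# Thumbprint from the error message above, pasted with spaces as MMC shows it
Find-CertificateByThumbprint '56 93 ae 76 ac fe 33 32 5b d6 e1 f0 5f 38 a9 94 18 92 cb 69' |
    Format-Table -AutoSize
```

An empty result means no store visible to the current user holds the certificate; run it under the account that needs the certificate, since the CurrentUser stores differ per account.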

Download

THESE POWERSHELL SCRIPTS ARE PROVIDED “AS IS”, WITHOUT WARRANTY OF ANY KIND.

You can download Check where a specific certificate is installed with PowerShell from GitHub here:

Hope you find this helpful! If you liked the content or found it useful and would like to support me in writing more, consider buying (or helping to buy) a Star Wars Lego set for my son. 
