Thanks for the reply.

Our situation isn't even as complicated as you've interpreted.

We receive XML purchase order documents from customers. They use either
certificate or username/password authentication and that all works fine. We
use IIS to check credentials and BizTalk to resolve the sending party.

We are required to send XML purchase order response documents back again.
Our customers similarly require us to authenticate ourselves using
username/password or a certificate. I've set up a local test web server to
act as the customers system (no BizTalk, simply IIS). The username/password
approach works fine, but certificates do not. We get a 403 response every
time.

It must be possible to set up a different certificate per send port, as
differnet customers require us to submit different certificates. Indeed this
would appear to be the case, as the certificate thumbprint is defined in the
HTTP send port configuration.

I'm not sure what the purpose of the signing certificate is at the BizTalk
installation level, as you describe. I have tried setting this also, but it
made no difference.

I think the fundemental problem is that if the "Anonymous" authentication
method is selected when configuring the HTTP send port, the client
certificate is not sent. There does not appear to be a "Use client
certificate" option in the authentication method list.

Could someone from Microsoft please explain how to set up client certificate
authentication? We have used BizTalk 2000 in production for some years, and
this has always worked fine. That's progress!!

Doug

[ Post a follow-up to this message ]