Some more evidence that the client certificate is not being sent.

I set the BizTalk HTTP send port to Basic authentication and entered a
username and password. On the web server I set the access permissions to
allow basic authentication, require SSL but just ACCEPT client certificates
(no mapping to windows user). This all worked OK and the request was
successful.

I changed the web server access permissions to REQUIRE a client certificate,
but left all other settings alone, and got a 403 response again.

Also, I tried changing the certificate thumbprint slightly in the BizTalk
HTTP send port configuration, and got an error indicating that the
certificate could not be found, as expected. So, my guess is that BizTalk
looks for the certificate when a thumbprint is specified but does not send i
t.

Does anyone know a (simple!) way to capture the HTTP request, either before
it leaves the BizTalk server or as it arrives at the web server, so I can
check whether a client certificate has been provided? It's a bit beyond my
skills!

Doug

[ Post a follow-up to this message ]