title | description | services | ms.suite | author | ms.author | ms.reviewer | ms.topic | ms.date |
---|---|---|---|---|---|---|---|---|
Secure B2B messages with certificates | Add certificates to help secure B2B messages in Azure Logic Apps with the Enterprise Integration Pack | logic-apps | integration | divyaswarnkar | divswa | estfan, logicappspm | article | 08/17/2018 |

When you need to keep B2B communication confidential, you can increase security in your enterprise integration apps, specifically logic apps, by adding certificates to your integration account. Certificates are digital documents that verify the identities of the participants in electronic communications and help you secure communication in these ways:
- Encrypt message content.
- Digitally sign messages.
You can use these certificates in your enterprise integration apps:
- Public certificates, which you must purchase from a public internet certificate authority (CA) but that don't require any keys.
- Private certificates or self-signed certificates, which you create and issue yourself but that also require private keys.
To use a public certificate in logic apps that have B2B capabilities, you must first upload the certificate to your integration account. After you define the properties in the agreements that you create, the certificate is available to help you secure your B2B messages.
- Sign in to the Azure portal. On the main Azure menu, select All resources. In the search box, enter your integration account name, and then select the integration account you want.
- Under Components, choose the Certificates tile.
- Under Certificates, choose Add. Under Add Certificate, provide these details for your certificate. When you're done, choose OK.

Property | Value | Description |
---|---|---|
Name | <certificate-name> | Your certificate's name, which is "publicCert" in this example |
Certificate Type | Public | Your certificate's type |
Certificate | <certificate-file-name> | To find and select the certificate file you want to upload, choose the folder icon next to the Certificate box. |

After Azure validates your selection, Azure uploads your certificate.

To use a private certificate in logic apps that have B2B capabilities, you must first upload the certificate to your integration account. You also need to have a private key that you first add to Azure Key Vault.
After you define the properties in the agreements that you create, the certificate is available to help you secure your B2B messages.
Note
For private certificates, make sure that you add a corresponding public certificate that appears in the AS2 agreement's Send and Receive settings for signing and encrypting messages.
- Add your private key to Azure Key Vault and provide a Key Name.
- Authorize Azure Logic Apps to perform operations on Azure Key Vault. To grant access to the Logic Apps service principal, use the PowerShell command, Set-AzKeyVaultAccessPolicy, for example:

  ```powershell
  Set-AzKeyVaultAccessPolicy -VaultName 'TestcertKeyVault' -ServicePrincipalName '7cd684f4-8a78-49b0-91ec-6a35d38739ba' -PermissionsToKeys decrypt, sign, get, list
  ```

- Sign in to the Azure portal. On the main Azure menu, select All resources. In the search box, enter your integration account name, and then select the integration account you want.
- Under Components, choose the Certificates tile.
- Under Certificates, choose Add. Under Add Certificate, provide these details for your certificate. When you're done, choose OK.

Property | Value | Description |
---|---|---|
Name | <certificate-name> | Your certificate's name, which is "privateCert" in this example |
Certificate Type | Private | Your certificate's type |
Certificate | <certificate-file-name> | To find and select the certificate file you want to upload, choose the folder icon next to the Certificate box. When using a key vault for the private key, the uploaded file will be the public certificate. |
Resource Group | <integration-account-resource-group> | Your integration account's resource group, which is "MyResourceGroup" in this example |
Key Vault | <key-vault-name> | Your Azure key vault's name |
Key name | <key-name> | Your key's name |

After Azure validates your selection, Azure uploads your certificate.
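
To confirm that the access policy granted in the steps above gives the Logic Apps service principal exactly the key permissions from the Set-AzKeyVaultAccessPolicy command and nothing broader, you can audit the vault afterward. This is an added example, not part of the original article; it reuses the vault name and service principal ID from that command, and the variable names and output object are assumptions made for illustration.

```powershell
# Added example: audit the Key Vault access policy held by the Logic Apps service principal.
# Vault name and service principal ID are the ones used in the command above; replace with yours.
$vaultName    = 'TestcertKeyVault'
$logicAppsSpn = '7cd684f4-8a78-49b0-91ec-6a35d38739ba'
$expectedKeys = 'decrypt', 'sign', 'get', 'list'

# Access policies are keyed by object ID, so resolve the service principal first.
$sp = Get-AzADServicePrincipal -ServicePrincipalName $logicAppsSpn
if (-not $sp) { throw "Service principal $logicAppsSpn was not found in this tenant." }

$vault = Get-AzKeyVault -VaultName $vaultName
if (-not $vault) { throw "Key vault '$vaultName' was not found in the current subscription." }

$policy = @($vault.AccessPolicies | Where-Object { $_.ObjectId -eq $sp.Id })
if ($policy.Count -eq 0) {
    throw "No access policy for the Logic Apps service principal on '$vaultName'."
}

# Normalize case before comparing permission names.
$granted = @($policy.PermissionsToKeys |
    ForEach-Object { "$_".ToLowerInvariant() } | Sort-Object -Unique)
$missing = @($expectedKeys | Where-Object { $_ -notin $granted })
$excess  = @($granted | Where-Object { $_ -notin $expectedKeys })

# The command above grants key permissions only, so any secret or
# certificate permission on this principal is unexpected.
$otherScopes = @(@($policy.PermissionsToSecrets) + @($policy.PermissionsToCertificates) |
    Where-Object { $_ })

$result = [pscustomobject]@{
    Vault               = $vaultName
    GrantedKeys         = $granted -join ', '
    MissingKeys         = $missing -join ', '   # signing or decryption would fail
    ExcessKeys          = $excess -join ', '    # broader than the documented grant
    SecretOrCertGrants  = $otherScopes -join ', '
    MatchesDocumented   = ($missing.Count -eq 0 -and $excess.Count -eq 0 -and
                           $otherScopes.Count -eq 0)
}
$result | Format-List
```

Run it in a session that is already signed in with Connect-AzAccount and set to the subscription that contains the vault.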