Authenticating Messages Using an External Certificate

From an application perspective, authenticating messages using an external certificate is very easy. It simply requires getting the external certificate from a certificate authority, retrieving information from the certificate, and setting the appropriate message properties.

To send an authenticated message
  1. Obtain a certificate from an authorized certificate authority. A common way to obtain a certificate is to request a class 1 certificate from VeriSign Commercial Software Publishers CA, using Microsoft® Internet Explorer (version 3.0 or later).

  2. Place the certificate in the Microsoft Internet Explorer personal certificate store (if Internet Explorer was used to obtain the certificate, this is done automatically). MSMQ can only use certificates placed in this store.

  3. If you want to use a sender identifier in addition to the certificate information, register the certificate using the MSMQ Control Panel. This step is not required to authenticate the message.

  4. Set PROPID_M_AUTH_LEVEL to MQMSG_AUTH_LEVEL_ALWAYS.

  5. If the certificate is only going to be used once, set PROPID_M_SENDER_CERT. If the same certificate is going to be used several times, call MQGetSecurityContext to retrieve security information from the certificate and set PROPID_M_SECURITY_CONTEXT.

  6. If you want to change the hash algorithm MSMQ uses to authenticate the message, set PROPID_M_HASH_ALG (the default algorithm is CALG_MD5).

  7. If you want MSMQ to return an acknowledgment to show that the message reached the queue or was retrieved, set PROPID_M_ACKNOWLEDGE to MQMSG_ACKNOWLEDGMENT_FULL_REACH_QUEUE | MQMSG_ACKNOWLEDGMENT_NACK_REACH_QUEUE | MQMSG_ACKNOWLEDGMENT_FULL_RECEIVE | MQMSG_ACKNOWLEDGMENT_NACK_RECEIVE.

  8. Send the message.

After the message is sent, the remaining work is done by MSMQ. For information on what MSMQ does to authenticate the message, see How MSMQ Authenticates Messages.

To receive an authenticated message

When a message is authenticated (PROPID_M_AUTHENTICATED = 1) using an external certificate, MSMQ guarantees that the message was sent by the owner of the certificate (as identified in the certificate), that the message was not tampered with, and that the SID is correct if a SID (PROPID_M_SENDERID) was passed with the message.

Note: MSMQ does not validate the external certificate. The receiving application must perform any required validation of the certificate before trusting an authenticated message. MSMQ generates the digital signature of a message when it is sent and verifies that signature when the message is received, but it does not validate the certificate itself.


© 1997 by Microsoft Corporation. All rights reserved.