When using the MIME/SMIME Decoder Pipeline Component in BizTalk Server 2004 and 2006, you might get an error at runtime saying that "The revocation status of the certificate used to sign the message is unknown" or something to that effect.

The cause of this error is that BizTalk is trying to check for certificate revocation against the Certificate Revocation List (CRL) of the certificate authority that generated the certificate used. There are two ways to fix this problem:

The first one (and I would say preferred one in some scenarios) would be to configure things so that BizTalk can actually query the CRL. How this is done will depend on who your certificate authority is.

The second option is the easiest, though most insecure one, and is to disable CRL checking altogether. You do this by setting the "Check Certificate Revocation" property of the MIME/SMIME Decoder component to false, like this:

Once you've done this, just recompile and re-gac (or redeploy) your pipeline and you'll be all set. I would also recommend checking the BizTalk Server 2004 Technical Guide for Certificate Management document, which should provide some good practices for working with X.509 certificates in BizTalk Server.

Tomas Restrepo

Software developer located in Colombia.