I'm again writing about MSMQ failing to send messages over HTTPS.
One quick test that people use to check that the certificate is OK is to browse the server over SSL with Internet Explorer. usually this will work and the problem will then be assumed one of MSMQ's making. Unfortunately it is not as simple as that as there are multiple certificate stores available on the machine. Internet Explorer takes certificates from both the "Current User" and "Local Computer" personal stores but MSMQ only makes use of the "Local Computer" store.
To be able to see the difference:
- Run MMC.EXE to bring up the Microsoft Management Console.
- Choose Add/remove Snap-in from the File Menu
- Highlight "Certificates" and press "Add"
- Select "My user account" and press "Finish"
- Highlight "Certificates" again and press "Add"
- Select "Computer account" and press "Finish"
- Press OK to get a layout as follows:
To see if there are any important differences, compare
Certificates - Current User -> Trusted Root Certification Authorities -> Certificates.
Certificates (Local Computer) -> Trusted Root Certification Authorities -> Certificates.
If the certificate for the CA that issued the web server certificate is listed for the Current User but not the Local Computer then copy it into the Local Computer Trusted Root CA Certificates folder. You can drag-and-drop in the MMC console to copy certificates.