To prevent tampering with a message, it can be signed with a certificate to guarantee it is authentic. The BizTalk Server uses a private key to sign outgoing messages. The signing of messages can be achieved by using the standard encoding component (MIME/SMIME) in the send pipeline. The encoding component then needs to be configured to sign all outgoing messages. The signing key and certificate that are used to sign the outgoing message are retrieved from the personal certificate store for the host service account where the pipeline is running.

The following table describes the keys and certificates that need to be installed to sign and verify messages: