howto setup client certificates on TFS 2008?

Wednesday, July 09, 2008 11:48 AM

0

Are there any procedure guides detailing how to setup client certificates on TFS 2008?

All Replies

Wednesday, July 09, 2008 7:05 PM

0

I am also looking for this information.

I saw on the feature list support for client certificates here:
http://blogs.msdn.com/bharry/archive/2007/08/08/final-tfs-2008-feature-list.aspx

But the docs just mention it in passing.

Thanks!
Thursday, July 10, 2008 10:08 PM

0

What thing that I could say is to install Certificate authority on a different server, not on TFS if you want to access TFS by the web with a FQDN.
Thursday, July 10, 2008 10:30 PM

0

I'm not sure I understand what you are suggesting. We certainly have an Enterprise PKI infrastructure that isn't even completely windows based, let alone installed on the TFS Server.

All our TFS sites are setup to use FQDN's.

later,

jason
Monday, July 14, 2008 1:10 PM

0

Would someone from Microsoft please answer the original question?
Thursday, September 04, 2008 5:37 PM

Moderator

0

HI Jason,

Sorry it’s taken so long to respond.

Unfortunately, there is not a single document that covers this scenario.

The first step is get SSL working for TFS:

http://msdn2.microsoft.com/en-us/library/aa833873.aspx

The next step is to get the client certificates working with IIS and IE

http://www.microsoft.com/technet/prodtechnol/WindowsServer2003/Library/IIS/096519f4-3079-4571-9d28-8e5d286c5ab9.mspx?mfr=true

http://msdn2.microsoft.com/en-us/library/aa302412.aspx

http://www.microsoft.com/technet/prodtechnol/WindowsServer2003/Library/IIS/559bb9d5-0515-4397-83e0-c403c5ed86fe.mspx?mfr=true

After that is all set up, it’s time to setup TFS. On the server, you need to run tfsadminutil configureconnections in order to update the various .config files.

http://msdn2.microsoft.com/en-us/library/bb778396.aspx

Next, on the clients you can run tfpt tweakui from the Orcas Power Tools in order to configure the client certificates.

http://msdn2.microsoft.com/en-us/tfs2008/bb980963.aspx

http://teamsystemrocks.com/blogs/barbilor/archive/2007/12/30/3058.aspx

If you should happen to hit problems with WSS file upload, checkins, and work item attachments (specifically a 413 error), you need to set SSLAlwaysNegoClientCert and maybe UploadReadAheadSize on the WSS and AT/Proxy servers:

http://technet2.microsoft.com/WindowsServer/en/library/0ef55842-24d2-4060-bb98-d69e2877a6671033.mspx?mfr=true

http://technet2.microsoft.com/windowsserver/en/library/5eb7528e-bd87-49ac-8950-f73c085cea671033.mspx?mfr=true

http://technet2.microsoft.com/windowsserver/en/library/26450c1c-35cf-41ef-9d81-e543853d10ab1033.mspx?mfr=true

You should be sure to test both small and large checkins and file attachments.

Let me know if I can be of any further help,

--Aaron
Friday, September 19, 2008 2:17 PM

Moderator

0

Hi Jason,

Since we haven’t heard from you in a while, we are assuming that your problem has been successfully answered. If this is not the case, please let us know. (Also, if the marked solution did not solve your question and you don’t have any time to provide us with more information right now, let us know and we’ll change the status of this question to comment.) In either case, if you have any more setup questions, feel free to ask in a new thread.

Good Luck,

--Aaron