Wednesday, July 09, 2008 11:48 AM
Are there any procedure guides detailing how to setup client certificates on TFS 2008?
Wednesday, July 09, 2008 7:05 PM
I am also looking for this information.
I saw on the feature list support for client certificates here:
But the docs just mention it in passing.
Thursday, July 10, 2008 10:08 PM
What thing that I could say is to install Certificate authority on a different server, not on TFS if you want to access TFS by the web with a FQDN.
Thursday, July 10, 2008 10:30 PM
I'm not sure I understand what you are suggesting. We certainly have an Enterprise PKI infrastructure that isn't even completely windows based, let alone installed on the TFS Server.
All our TFS sites are setup to use FQDN's.
Monday, July 14, 2008 1:10 PM
Would someone from Microsoft please answer the original question?
Thursday, September 04, 2008 5:37 PMModerator
Sorry it’s taken so long to respond.
Unfortunately, there is not a single document that covers this scenario.
The first step is get SSL working for TFS:
The next step is to get the client certificates working with IIS and IE
After that is all set up, it’s time to setup TFS. On the server, you need to run tfsadminutil configureconnections in order to update the various .config files.
Next, on the clients you can run tfpt tweakui from the Orcas Power Tools in order to configure the client certificates.
If you should happen to hit problems with WSS file upload, checkins, and work item attachments (specifically a 413 error), you need to set SSLAlwaysNegoClientCert and maybe UploadReadAheadSize on the WSS and AT/Proxy servers:
You should be sure to test both small and large checkins and file attachments.
Let me know if I can be of any further help,
Friday, September 19, 2008 2:17 PMModerator
Since we haven’t heard from you in a while, we are assuming that your problem has been successfully answered. If this is not the case, please let us know. (Also, if the marked solution did not solve your question and you don’t have any time to provide us with more information right now, let us know and we’ll change the status of this question to comment.) In either case, if you have any more setup questions, feel free to ask in a new thread.