howto setup client certificates on TFS 2008?

יום רביעי 09 יולי 2008 11:48

0

Are there any procedure guides detailing how to setup client certificates on TFS 2008?

כל התגובות

יום רביעי 09 יולי 2008 19:05

0

I am also looking for this information.

I saw on the feature list support for client certificates here:
http://blogs.msdn.com/bharry/archive/2007/08/08/final-tfs-2008-feature-list.aspx

But the docs just mention it in passing.

Thanks!
יום חמישי 10 יולי 2008 22:08

0

What thing that I could say is to install Certificate authority on a different server, not on TFS if you want to access TFS by the web with a FQDN.
יום חמישי 10 יולי 2008 22:30

0

I'm not sure I understand what you are suggesting. We certainly have an Enterprise PKI infrastructure that isn't even completely windows based, let alone installed on the TFS Server.

All our TFS sites are setup to use FQDN's.

later,

jason
יום שני 14 יולי 2008 13:10

0

Would someone from Microsoft please answer the original question?
יום חמישי 04 ספטמבר 2008 17:37

מנחה דיון

0

HI Jason,

Sorry it’s taken so long to respond.

Unfortunately, there is not a single document that covers this scenario.

The first step is get SSL working for TFS:

http://msdn2.microsoft.com/en-us/library/aa833873.aspx

The next step is to get the client certificates working with IIS and IE

http://www.microsoft.com/technet/prodtechnol/WindowsServer2003/Library/IIS/096519f4-3079-4571-9d28-8e5d286c5ab9.mspx?mfr=true

http://msdn2.microsoft.com/en-us/library/aa302412.aspx

http://www.microsoft.com/technet/prodtechnol/WindowsServer2003/Library/IIS/559bb9d5-0515-4397-83e0-c403c5ed86fe.mspx?mfr=true

After that is all set up, it’s time to setup TFS. On the server, you need to run tfsadminutil configureconnections in order to update the various .config files.

http://msdn2.microsoft.com/en-us/library/bb778396.aspx

Next, on the clients you can run tfpt tweakui from the Orcas Power Tools in order to configure the client certificates.

http://msdn2.microsoft.com/en-us/tfs2008/bb980963.aspx

http://teamsystemrocks.com/blogs/barbilor/archive/2007/12/30/3058.aspx

If you should happen to hit problems with WSS file upload, checkins, and work item attachments (specifically a 413 error), you need to set SSLAlwaysNegoClientCert and maybe UploadReadAheadSize on the WSS and AT/Proxy servers:

http://technet2.microsoft.com/WindowsServer/en/library/0ef55842-24d2-4060-bb98-d69e2877a6671033.mspx?mfr=true

http://technet2.microsoft.com/windowsserver/en/library/5eb7528e-bd87-49ac-8950-f73c085cea671033.mspx?mfr=true

http://technet2.microsoft.com/windowsserver/en/library/26450c1c-35cf-41ef-9d81-e543853d10ab1033.mspx?mfr=true

You should be sure to test both small and large checkins and file attachments.

Let me know if I can be of any further help,

--Aaron
יום שישי 19 ספטמבר 2008 14:17

מנחה דיון

0

Hi Jason,

Since we haven’t heard from you in a while, we are assuming that your problem has been successfully answered. If this is not the case, please let us know. (Also, if the marked solution did not solve your question and you don’t have any time to provide us with more information right now, let us know and we’ll change the status of this question to comment.) In either case, if you have any more setup questions, feel free to ask in a new thread.

Good Luck,

--Aaron