locked
Problem with SSL on internal TFS server RRS feed

  • Question

  • I am trying to setup SSL for both internal (intranet) and external (internet) users for TFS.  TFS is hosted on server oranprodtfs.  External user hit our reverse proxy.  our external DNS is  tfs2010.domainname.com.au, this gets resolved at our external DNS and our reverse proxy directs traffic to our internal server oranprodtfs.  Work like magic no problems.  The problem is the reverse proxy issue the certificate for our DNS of tfs2010.domainname.com.au, this works fine when external users then import the certificate manually, they will no longer receive the certificate error.  Problem is for internal users.  They will still receive the certificate error when they point there URL to https://tfs2010.domainname.com.au, they get an error because of course the certificate does not match the server, the server on our internak server says oranprodtfs.  What can I do to make SSL work both internal and external?  As you know alerts in TFS send out alerts with one defined URL, hense why internal users can not simply go to our internal URL site.
    Friday, March 4, 2011 12:30 AM

Answers

  • Found a solution myself.  I followed these intrustions to product a CN on the server

    https://knowledge.geotrust.com/support/knowledge-base/index?page=content&id=AR885

    This will produce a self signed certificate for our internal server.  I  have then requested that our reverse proxy also generate a certificate for the servername.

    i.e the internal server is call

    servername.domainname.com

    now our external URL on our reverse proxy now generates an external certificate for also for

    servername.domainname.com

    Works fine now.

    • Marked as answer by Tumatawhero Sunday, March 6, 2011 10:07 PM
    Sunday, March 6, 2011 10:07 PM

All replies