Everything you want to know about Visual Studio ALM and Farming
Brian Harry is a Microsoft Technical Fellow working as the Product Unit Manager for Team Foundation Server. Learn more about Brian.
More videos »
A portion of our very security conscious customers want to be able to configure their TFS server to require client certificates. Client certificates allow an additional level of security on top of user name and password that ensures that the computer terminal being used has security clearance - through a cryptographic certificate. The first requests we got for this feature were from the U.S. government but since then we've had other requests as well.
Unfortunately configuring it properly is a bit tricky. As such, we've recent produced a document on how to do it: http://msdn.microsoft.com/en-us/library/dd407788.aspx
If you want to enable client certificate with TFS, this document is a must read.
Brian
My latest in a series of the weekly, or more often, summary of interesting links I come across related to Visual Studio. Justin Etheredge wrote a nice overview of overflow checking in c# and explains how to enable this for certain statements and project
TFS supports client credentials security, where a user must enter a valid username and password in order
Tiago Pascoal on Malevich - A new code review system Wes MacDonald on TFS 2008 - HP Quality Center (QC
Will Aaron Block be updating the doc for TFS 2010? thanks!
I believe he has a new doc. I've forwarded him the request to see if I can get a link to it.
Hi Steve,
The docs haven't been updated yet. That being said, the TFS-specific steps for client certificates are much simpler, and the non-TFS-specific steps are basically the same.
So, if you are reading through msdn.microsoft.com/.../dd407788.aspx Steps 1-4 are the same. You can skip Steps 5 & 6 (TFS 2010 will automatically detect if client certificates are present and required on both the client and server, then choose an acceptable certificate.) Steps 7 &8 are the same as in the document.
If you don't want to let TFS automatically choose a certificate, you can get more fine-grained control using the commandline "tfsconfig Certificates". That being said, you probably shouldn't need to use that command.
--Aaron
Aaron,
Thanks! I'll try it out right now!
-Steve
Followup...What are the steps to get TFSBuild configured to require client certificates as well. I'm getting stuck with the Controllor failing to connect. "An SSL trust relationship could not be established with the server."