MSDN has long had a document on Setting up Team Foundation Server to Require HTTPS and Secure Sockets Layer (SSL). It is geared specifically to Windows Server 2003 and IIS 6 though, as the OS and IIS platforms. Ruidong Li (a senior support engineer on our TFS config support team) went through that document recently and updated it with Windows Server 2008 / IIS 7 in mind. It is attached here for your reference. Please let us know if you find it useful or have any comments\corrections.
Cool information ... I was needed a couple of weeks ago, but is good to know that we'll have it on MSDN.
Hi, I have one problom during this steps.
1. In IIS I'm creating new certificate request
2. I can't see it in the CA and if I'm trying to add new request in CA selecting txt file I've saved before in ISS, but it shows an error "The request does not contains template imformation..." Have any idea ?
I am not sure about the steps you have completed already and which step is actually giving you the issue.
But first the certificate request has to be submitted to a CA (local or known CAs such as VeriSign). After the certificate is received, then it has to be installed and the process should be completed to bind the certificate in IIS.
There are also 2 known issues in the complete certificate process in IIS7 that you should know about:
959216 Error message when you try to install a certificate by using IIS 7.0 Manager: "Cannot find the certificate request associated with this certificate file"
931204 Error message when you complete a certificate request in Internet Information Services 7.0: "Cannot find the certificate request associated with this certificate file"
One more question:
I can't connect to TFS server from clients PC using Visual Studio.
When I use IE: https://add:443/tfs I can log in and view the list of project collections(I also installed certificate), but using MS Visual Studio -> Connect to team foundation server I got an error: Could not establish trust relationship for the SSL/TLS secure chanel.
Why it happens so? Can I somehow point him to use the certificate I have installed?
When I'm trying to access server using IE it says that certificate cannot be recognized as trusted even after I installed this one. Maybe there is a solution how to make it to be trusted? Now I can see it works fine only locally on server machine.
It seems you are having some specific issues. Generally the steps we published work, but in some cases we need a bit of troubleshooting. We're glad to help further, but we'll need to do it via support channels now. Please go here to open a support case and we will fix you up!
NOTE: SP1 is a prerequisite for support of TFS now. If that is not applied already, that will be the first step.