Enabling SSL/HTTPS on Team Foundation Server 2010 RTM

Update: I’ve been working on some of the issues from this guide and figured out a good portion of them.  Please take a look at my updated guide here.

I’ve found lots of guides on the internet on setting up SSL/HTTPS on Team Foundation Server 2008, but not much on 2010 RTM.  It’s pretty much the same process but I had to figure a few things out differently because of IIS7 and just my personal preferences.

First of all, if you are using Visual Studio 2008 you will need to make sure you have the following (doesn’t really have anything to do with enabling SSL/HTTPS, but you’ll need it to connect to TFS 2010 anyways):

  • Download and install the Visual Studio Team System 2008 Service Pack 1 Forward Compatibility Update for Team Foundation Server 2010 (Installer) found here.  Fun little name isn’t it?
  • Ensure that you’ve installed Visual Studio 2008 SP1 after installing TFS Team Explorer.

You’ll first need two SSL certificates, one for SharePoint and one for the TFS application layer.  It may be possible to use one SSL certificate, but I like to have two so I can give each a different address, e.g. mycompany.com and mycompanysource.com.  First I tried using two self-signed certificates, but that didn’t work because Team Explorer doesn’t like self-signed certificates; the certificate for SharePoint, however, can be self-signed.  We used Microsoft Certificate Services to provide the certificate necessary for the TFS application layer.

To request the certificate from Microsoft Certificate Services, use the following steps:

  • Open up the IIS Manager and select the server
  • Select “Server Certificate”
  • In the Actions pane > select “Create Domain Certificate”
  • Follow the steps in the “Create Certificate” dialog.
    Once you have your two certificates, follow the next configuration steps:
Configure IIS
  • Open IIS Manager and select the server
  • Expand the “Sites”, you should see a list similar to the following
    Default Web Site = SharePoint Site
    Team Foundation Server = TFS Application Layer
    SharePoint redirector = redirector for SharePoint (I’ll explain later)
  • Select the “Default Web Site”
  • In the Actions Pane select “Bindings…”
  • In the Site Bindings window, select “Add”, which will bring up the “Edit Site Binding” page.
  • Select the following:
    Type: https
    IP Address: all unassigned
    Port: 443
    SSL certificate: the certificate you created for SharePoint
  • Click “Ok”, then “Close” in the “Site Bindings” window.
  • Perform the same steps with the “Team Foundation Server” site, except use port 8088 for the port and the certificate created for the TFS application layer.
  • Close IIS Manager, we are done with it.
Configure Firewall
  • Open “Windows Firewall with Advanced Security”
  • Select “Inbound Rules”
  • Find “Team Foundation Server TFSWebSite:8080”, right click and choose disable.
  • In the right Actions pane, select “New Rule”
  • In the “New Inbound rule wizard” fill the following:
    Type: Port
    TCP/UDP: TCP
    Specific local port: 8088
    Allow the Connection
    Domain,Private,Public
    Name: Name of your choice
Configure SharePoint
  • Open up the SharePoint Administrator
  • Select the “Operations” tab, then under “Global Configuration” select “Alternate Access Mappings”
  • In the “Alternate Access Mappings” select “Edit Public URLs”
  • First select the “Alternate Access Mapping Collection” and choose the “Default Web Site” in the pop-up.
  • Fill in the default and Internet addresses.
    Default: http://servername (leave default alone)
    Internet: https://mycompanysource.com
  • Click “Save”

At this point you should have SSL set up for both the TFS SharePoint sites and the TFS application layer.  In Team Explorer you should be able to add a server by entering “https://mycompanysource.com:8088/tfs” as the address.
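
One way to check the result from a client machine, as an added example that is not part of the original post: for each HTTPS endpoint it reports whether the certificate is self-signed (which Team Explorer rejected above) and whether Windows trusts the chain and name, then confirms that port 8080 no longer answers. The host names are the article's placeholders, and the function names are illustrative.

```powershell
# Added example. Host names and ports are the article's placeholders.
$endpoints = @(
    @{ HostName = 'mycompany.com';       Port = 443  },  # SharePoint (Default Web Site)
    @{ HostName = 'mycompanysource.com'; Port = 8088 }   # TFS application layer
)

function Get-TlsCertificateReport {
    param([string]$HostName, [int]$Port)
    $script:policyErrors = $null
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $client.Connect($HostName, $Port)
        # Accept the certificate during the handshake only so it can be inspected;
        # the validation result computed by .NET is recorded and reported below.
        $callback = [System.Net.Security.RemoteCertificateValidationCallback] {
            param($source, $certificate, $chain, $sslPolicyErrors)
            $script:policyErrors = $sslPolicyErrors
            $true
        }
        $ssl = New-Object System.Net.Security.SslStream($client.GetStream(), $false, $callback)
        $ssl.AuthenticateAsClient($HostName)
        $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
        New-Object PSObject -Property @{
            Endpoint     = "${HostName}:$Port"
            Subject      = $cert.Subject
            Issuer       = $cert.Issuer
            SelfSigned   = ($cert.Subject -eq $cert.Issuer)
            NotAfter     = $cert.NotAfter
            PolicyErrors = $script:policyErrors   # 'None' = trusted chain and matching name
        }
    }
    finally { $client.Close() }
}

function Test-TcpPortOpen {
    param([string]$HostName, [int]$Port)
    $client = New-Object System.Net.Sockets.TcpClient
    try { $client.Connect($HostName, $Port); $true }
    catch { $false }   # refused or filtered by the firewall
    finally { $client.Close() }
}

$endpoints | ForEach-Object {
    Get-TlsCertificateReport -HostName $_.HostName -Port $_.Port
} | Format-List

# The old inbound rule for 8080 was disabled, so this should print False.
"Port 8080 reachable: $(Test-TcpPortOpen -HostName 'mycompanysource.com' -Port 8080)"
```

Run it from a machine other than the TFS server, since the firewall rules only apply to inbound traffic from the network.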

The only thing left to do is make the SharePoint sites a bit easier to access.  Right now you would have to access the SharePoint site by going to https://mycompany.com/tfs/defaultcollection, but wouldn’t it be nice to just type mycompany.com in the address bar and be redirected?  Once you complete these final steps you should be able to do just that.

  • Open up IIS manager.
  • Select your server and right click on “Sites” and choose “Add Web Site”
  • Fill in the following information:
    Site Name: “SharePoint Redirector”
    Physical Path: doesn’t matter; I use c:\inetpub
    Binding: Leave as port 80 and defaults.
  • Click “Ok”
  • Select the redirector and in the main window double-click on “HTTP Redirect”
  • Check “Redirect requests to this destination” and fill in your target destination, e.g. https://mycompany.com/sites/defaultcollection
  • Click “Apply” in the Actions Pane

Ok that’s all I got for this post, today.  Enjoy your newly secured TFS server.

Update (4/26/2010):  Apparently there is a little funny business with accessing the report server from the outside network.  Instead of using the FQDN to get to the report server it uses the computer name.  So outside the local network it doesn’t work from the SharePoint site.  There are some steps to get it working, but I can’t quite get SharePoint over SSL to work properly on the server itself resulting in some problems with the TFS configuration tool.

First, set up SharePoint SSL slightly differently than I’ve stated above, similar to the instructions here. Then the following steps are where the issues are.

Part of the problem is that I cannot access https://mycompany.com/tfs/defaultcollection from the server itself, but I can access it from other computers.  I believe that because of this problem, changing the configuration using TFS Administration Console is a problem.  Click on the Grant Access button.


Fill in the “Url for Team Foundation Server” field with https://mycompanysource:8088/tfs.  Then in the “SharePoint Web Application” select the https://.. site from the drop-down.  When you click on OK I get an error message saying TFS cannot access the SharePoint site.


Once this issue with the SharePoint SSL is resolved it should also resolve configuring Reporting Services for SSL, then modifying the configuration for TFS Administration Console for SSL reporting services.

Configuring SSL for reporting services is pretty straightforward.

Open up the Reporting Services Configuration Manager and go to the “Web Service URL”.  Configure the SSL Certificate and the SSL Port.


So one problem is sort of holding up the whole issue with configuring the server to accept the reporting services over SSL.  Anyone have any ideas?  I’m open to suggestions.

Update (5/7/2010) : I’ve been working on some of the issues from this guide and figured out a good portion of them.  Please take a look at my updated guide here.


3 thoughts on “Enabling SSL/HTTPS on Team Foundation Server 2010 RTM”

  1. Your issue with accessing SharePoint from the local server may be due to a loopback issue. It has happened to me twice on my SQL instances. This can be resolved with a registry entry change to the following:

    HKLM\System\CurrentControlSet\Control\LSA
    Then add a Reg-Dword called DisableLoopbackCheck and set the value to 1.

    I’m having trouble getting TFS config to recognize my SSL SharePoint site as valid; it won’t let me add it to the SharePoint Configurations tab. Any ideas why that would be?

    1. When I was setting up my TFS server, I had an issue with self-signed certificates. So in the absence of buying a valid certificate from an authority, I opted to use certificates from a certificate server on my domain. That could be your problem.
