Updated: Enabling SSL/HTTPS on Team Foundation Server 2010 RTM

Not too long ago I posted a set of instructions on how to set up SSL/HTTPS for TFS 2010 RTM (here).  But it had a few shortcomings, i.e. Report Server was not over SSL, and TFS had no idea that SharePoint was running over SSL or even which FQDN I was using for the site.  Since then I’ve been hacking away at trying to fix those shortcomings, and as far as I can tell everything seems to be functioning now.  Instead of completely editing the old post, I’ll just give a new, straightforward set of instructions.

Prerequisites:

  1. Have the basic TFS install completed along with the configuration.
  2. The FQDN you would like to use; for this example I will be using “mycompany.com”
  3. A certificate from a Microsoft Certificate Services Server (this cannot be a self-signed certificate because Visual Studio Team Explorer will not accept it)
    To request the certificate from Microsoft Certificate Services use the following steps:

  • Open up the IIS Manager and select the server
  • Select “Server Certificate”
  • In the Actions pane > select “Create Domain Certificate”
  • Follow the steps in the “Create Certificate” dialog.

Here is some basic information I’ll be using during this guide:

Server Name: tfs-server
FQDN: mycompany.com
Certificate Name: tfs-cert

 

Steps:

Configure SharePoint:
  • Open up SharePoint Administrator
  • Navigate to the “Operations” tab
  • Select “Alternate Access Mappings”
  • Click on “Edit Public URLs”
  • Select the “Default Web Site”
  • Change the “Default” from “http://tfs-server” to “https://mycompany.com”
  • Click “Save”
  • That should be it with SharePoint Administrator.
  • One last thing is that we need to test the site.  When I did the initial configuration I was unable to navigate to the SharePoint site from the server itself but was able to from client machines.  The site would prompt me for credentials over and over but would not let me into the site.  So just open a browser from the server and try to navigate to “https://mycompany.com/sites/defaultcollection”.  If that doesn’t work then you need to follow the next step, otherwise you are complete.
  • I came across this blog post that describes the very problem.  In the end I had to disable the loopback check, but different solutions may solve your problem.
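
Disabling the loopback check applies to every host name on the server; a narrower alternative is to exempt only the site's host name through the BackConnectionHostNames registry value. The following is an added example, not part of the original post or the linked blog post, and it assumes the guide's example FQDN and an elevated PowerShell session on the server:

```powershell
# Added example: allow loopback authentication for one host name only,
# instead of switching the loopback check off for the whole server.
$fqdn = 'mycompany.com'     # the guide's example FQDN; use your own
$lsa  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
$msv  = "$lsa\MSV1_0"

# Read the current exemption list (the value may not exist yet).
$current = @()
$prop = Get-ItemProperty -Path $msv -Name BackConnectionHostNames -ErrorAction SilentlyContinue
if ($prop) { $current = @($prop.BackConnectionHostNames) }

if ($current -notcontains $fqdn) {
    # Keep existing entries, drop empty strings, append the new host name.
    $names = [string[]]@(@($current) + $fqdn | Where-Object { $_ })
    # -Force overwrites the value if it already exists.
    New-ItemProperty -Path $msv -Name BackConnectionHostNames `
        -PropertyType MultiString -Value $names -Force | Out-Null
    Write-Output "Added $fqdn to BackConnectionHostNames."
} else {
    Write-Output "$fqdn is already listed in BackConnectionHostNames."
}

# Report whether the server-wide switch has been set as well.
$global = Get-ItemProperty -Path $lsa -Name DisableLoopbackCheck -ErrorAction SilentlyContinue
if ($global -and $global.DisableLoopbackCheck -eq 1) {
    Write-Warning 'DisableLoopbackCheck is 1: the loopback check is off for every host name.'
}
```

A restart of IIS (or of the server) may be needed before the new value takes effect.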
Configure Reporting Services:
  • Open up “Reporting Services Configuration Manager”
  • Select “Web Service URL”
  • In the right panel, select “tfs-cert” as the SSL Certificate and 443 as the SSL Port.
  • Select Apply
  • Select “Report Manager URL”
  • In the right panel, select “Advanced”
  • In the “Advanced Multiple Web Site Configuration” window that pops up click “Add” under the “Multiple SSL Identities for Report Manager”
  • The “Add a Report Manager SSL Binding” window will pop up; just select “tfs-cert” and it will automatically get the URL from the certificate.
  • Click “OK” until you get back to the main Reporting Services Configuration window.
  • That should be it for the Reporting Services Configuration.
Configure IIS:
  • Open IIS Manager, you should see something similar to the image below in your left panel.
  • Select “Default Web Site” and select “Bindings” in the Action Pane.
  • Click “Add” in the “Site Bindings” pop-up.
  • Change the following values:
    Type: https
    Port: 443
    SSL Certificate: tfs-cert

  • Click “OK” in “Add Site Binding” and “Close” in “Site Bindings”
  • You will need to perform the same steps for the “Team Foundation Server” website except use port 8088 instead of 443.
  • That will be it for IIS Manager.
Configure Firewall:

You will need to ensure that your firewall allows inbound connections on ports 443 and 8088.

Configure TFS:
  • Open up “Team Foundation Server Administration Console”
  • Navigate to the “Application Tier”
  • In the right pane, select “Change URLs”.
  • In the “Change URLs” pop-up, change the Notification URL to “https://mycompany.com:8088/tfs”
  • Click “OK”; we are finished configuring the Application Tier.
  • Navigate to “SharePoint Web Applications”
  • In the right pane, select the “http://tfs-server” application and click “Change”
  • Change the values in the “SharePoint Web Application Settings”:
    Friendly Name: mycompany.com
    Web Application URL: https://mycompany.com
    Central Administration URL: http://tfs-server:17012
    Default Location: sites
  • Navigate to “Reporting” in the left pane.
  • In the right pane select “Edit”
  • The “Reporting” window will pop up.  Select the “Reports” tab.
  • Select “Populate URLs”; this will cause the drop-downs in the tab to refresh with what the Report Server has configured.
  • Change the drop-downs in the URL section to the https addresses that were created earlier.
    Web Service: https://mycompany.com/reportserver
    Report Manager: https://mycompany.com/reports
  • Once you click “OK”, be sure to click “Start Jobs” in the Reporting pane.

Congratulations!  You have finished the configuration.  Enjoy!
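
To confirm the finished configuration from a client machine, the following added example (not part of the original post) connects to both ports and applies .NET's default certificate validation, the kind of check that rejects a self-signed or mismatched certificate. The host name and ports are the guide's example values.

```powershell
# Added example: check the HTTPS endpoints set up in this guide.
# $fqdn and $ports are the guide's example values; change them for your site.
$fqdn  = 'mycompany.com'
$ports = 443, 8088      # Default Web Site (SharePoint, reports) and TFS

function Test-TlsEndpoint {
    param([string]$HostName, [int]$Port)

    $r = New-Object PSObject -Property @{
        Endpoint = "${HostName}:$Port"; Reachable = $false; Trusted = $false
        Subject = $null; Issuer = $null; NotAfter = $null; Error = $null
    }
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $client.Connect($HostName, $Port)      # throws if the port is blocked
        $r.Reachable = $true
        # No custom callback: .NET applies its default validation, so the chain
        # must end in a trusted root and the name must match $HostName.
        $ssl = New-Object System.Net.Security.SslStream($client.GetStream(), $false)
        $ssl.AuthenticateAsClient($HostName)   # throws on an untrusted or mismatched cert
        $r.Trusted = $true
        $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
        $r.Subject  = $cert.Subject
        $r.Issuer   = $cert.Issuer
        $r.NotAfter = $cert.NotAfter
        $ssl.Close()
    }
    catch {
        # Unwrap PowerShell's method-invocation wrapper to get the real cause.
        $r.Error = $_.Exception.GetBaseException().Message
    }
    finally {
        $client.Close()
    }
    $r
}

$ports | ForEach-Object { Test-TlsEndpoint -HostName $fqdn -Port $_ } |
    Format-List Endpoint, Reachable, Trusted, Subject, Issuer, NotAfter, Error
```

An endpoint that shows Reachable as True but Trusted as False points at the certificate (chain or name), while Reachable as False points at the firewall or the IIS binding.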

 

Update (5/18/2010): Thanks to the comment by Jason, I have added an extra step to configure the Application Tier in the TFS Administration Console.