Enabling Secure Sockets Layer (SSL) on Team Foundation Server 2010

I recently attempted to enable HTTPS on my Team Foundation Server.

Easy right? Just add a HTTPS binding to the tfs website.

Actually, it’s a bit trickier than that, you see, TFS2010 likes to use your local machine name for internal communications by default. In order to get the web UI to play nicely, you have 2 options.

  1. Add a HTTPS binding for the machine name to the TFS Website too (e.g. https://tfsbox)
  2. Add the tfs binding into the web config (e.g. https://tfs.mydomain.com)

After I got #1 working, I pursued the ideal solution, which was option #2.

To do this, follow these steps:

  1. Open “Application Tier/Web Access/Web/web.config” in the TFS directory
  2. Find the <tfsServers> block
  3. Add in a <clear /> tag to prevent any incorrect or old bindings from being included
  4. Add in your server like so <add name=”https://tfs.mydomain.com/tfs” />

At the end, you should end up with something that looks like this:

    <clear />
    <add name="https://tfs.mydomain.com/tfs" />

Without this, you’ll keep on getting the error “TFS30063: You are not authorized to access ‘tfs.mydomain.com'” and similar errors everywhere from the Web UI, all the way through to the Change URL screen in the Team Foundation Server Administration Console.

IMPORTANT NOTE: You’ll notice that there was already a commented sample server in the web.config. It’s important that you either ignore this line, or correct it, as it will be missing the trailing /tfs that is required to get everything working.