Setting up Team Foundation Server 2008 for HTTPS / SSL

There has long been a walkthrough available on MSDN for accomplishing this task. We in support have found however that while this ‘official’ walkthrough is quite helpful, it is lacking in some areas and is missing some key items. Over the course of several support issues with customers who have tried to follow this walkthrough, we have updated it and made additions, creating what we feel is a more complete guide through the process. We are presenting it here for your viewing pleasure.

This document / BLOG post may be updated from time to time as we need to make adjustments to the document. We also hope to have this document up on MSDN in its entirety very soon.

I’d like to take this opportunity to thank Wendell Philips for compiling this into one document. Great job, Wendell!

Enjoy, and please… let us know if you have any suggestions/additions/changes/etc. as you work through the process (via the comments on this BLOG).

Trevor Hancock


Comments (7)

  1. Lenny Giambalvo says:

    I have also setup my TFS instance to use SSL for internet connections however I did not select digest or basic authentication. I am just using windows authentication. My system seems to be functioning correctly however I just want to be sure that I did not break anything. Comments?

  2. CSSTFSBLOG says:

    Typically, the windows credentials are stripped off during calls passing through internet routers, proxies, etc so using Windows Authentication over the Internet is not reliable.

    Basic/Digest authentication are recommended for users trying to connect from externally.

    If you are in an intranet, Windows Authentication should just work fine.

  3. John Ames says:

    I followed these steps and for some reason my Reports are not working. In Team Explorer all projects are showing a Red X on the Reports item.  

    If I try and access the reports directly via IE I’m getting this error: "The attempt to connect to the report server failed.  Check your connection information and that the report server is a compatible version."

    Any thoughts?

    Thanks, John Ames

  4. Back in October 2008 we posted an update to the “ Walkthrough: Setting up Team Foundation Server to Require

  5. Dick Brown says:

    >Basic/Digest authentication are recommended for users trying to connect from externally.

    If you are using basic authentication instead of windows integrated authentication (NTLM), shouldn’t you adjust the the reporting service configuration in order to allow this type of authentication as described in Or do I miss something?

  6. Krishnamurthy says:

    Dear Team,

    I am looking for a solution where people from local (LAN) will access TFS 2008 using HTTP protocol (TFS port: 8080) and people from remote location will access TFS 2008 using HTTPS protocol (TFS port: 443).

    Is it possible? I dont want everyone to connect to TFS using HTTPS protocol.

    Awaiting for your earliest response

    Kindly help me to locate the documentation.

    Thanks & Regards,


  7. Wendell Phillips says:

    Yes, you can use the capabilities of the ISAPI filter for TFS to let certain network segments use HTTP and others use HTTPS.  See this post

    for a great explnation of setting up the filter.


Skip to main content