Share via


Certificates Command

You can use the Certificates command to change how certificates are configured for client authentication in a deployment of Visual Studio Team Foundation Server (TFS) that utilizes HTTPS, secure sockets layer (SSL), and certificates. By default, the Certificates command will automatically select a client certificate from the certificate list for the current user. However, you can use the options for the command to specify a specific certificate or certificates from the current user context or from the local machine context.

Before you use the Certificates command, you must first configure the servers in your deployment of TFS to utilize certificates. For more information, see Setting up HTTPS with Secure Sockets Layer (SSL) for Team Foundation Server.

Required Permissions

To use the Certificates command, you must be a member of the Team Foundation Administrators security group and the local Administrators group on the computer from which you run the command. For more information, see Team Foundation Server Permissions.

Note

Even if you log on with administrative credentials, you must open an elevated Command Prompt window to perform this function.

TFSConfig Certificates [/machine] [/disable] [/autoSelect] [/noprompt] [/thumbprints:thumbprint1[,thumbprint2,...]]

Parameters

Placeholder

Description

Thumbprint

Specifies the hexadecimal string that contains the secure hash algorithm (SHA) in SHA-1 hash form of the certificate that you want to use. For more information about how to find the thumbprint for a certificate, see the following page on the Microsoft Web site: How to: Retrieve the Thumbprint of a Certificate.

Option

Description

/machine

Specifies that the certificate list will be from the local machine context instead of the current user context.

/disable

Specifies that the client authentication certificate setting will be disabled.

/autoSelect

Specifies that a certificate will be automatically selected from the certificate list. The Manage Client Certificates window will not open.

/noprompt

Specifies that the Manage Client Certificates window will not open when the Certificates command is run.

/thumbprints:thumbprint

Specifies that the certificate that matches the specified thumbprint will be used. You can specify more than one certificate by separating individual thumbprints with a comma.

Remarks

You use the Certificates command to configure the client certificates that are used by a deployment of TFS that has been configured to use HTTPS/SSL and certificates. If you use the Certificates command with no options, a client certificate will be automatically selected from the current user context from which you run the command.

Example

The following example shows how to specify the local machine certificate that has the thumbprint "aa bb cc dd ee" with no prompting.

Note

The examples are for illustration only and are fictitious. No real association is intended or inferred.

TFSConfig Certificates /machine /thumbprint:aa bb cc dd ee /noprompt

The following example shows how to specify using automatic selection of a client certificate from the current user store.

TFSConfig Certificates /autoselect

See Also

Concepts

Team Foundation Server Architecture

Examples of Complex Topology

Other Resources

Managing Server Configuration with TFSConfig