You can use the Certificates command to change how certificates are configured for client authentication in a deployment of Visual Studio Team Foundation Server that utilizes HTTPS, secure sockets layer (SSL), and certificates. By default, the Certificates command will automatically select a client certificate from the certificate list for the current user. However, you can use the options for the command to specify a specific certificate or certificates from the current user context or from the local machine context.
Before you use the Certificates command, you must first configure the servers in your deployment of Team Foundation Server to utilize certificates.
To use the Certificates command, you must be a member of the Team Foundation Administrators security group and the local Administrators group on the computer from which you run the command. For more information, see Team Foundation Server Permissions.
Even if you log on with administrative credentials, you must open an elevated Command Prompt window to perform this function on a server that is running Windows Server 2008. To open an elevated Command Prompt window, click Start, right-click Command Prompt, and then click Run as Administrator. For more information, see this page on the Microsoft Web site: User Account Control.
TFSConfig Certificates [/machine] [/disable] [/autoSelect] [/noprompt] [/thumbprints:thumbprint1[,thumbprint2,...]]
Specifies the hexadecimal string that contains the secure hash algorithm (SHA) in SHA-1 hash form of the certificate that you want to use. For more information about how to find the thumbprint for a certificate, see the following page on the Microsoft Web site: How to: Retrieve the Thumbprint of a Certificate.
Specifies that the certificate list will be from the local machine context instead of the current user context.
Specifies that the client authentication certificate setting will be disabled.
Specifies that a certificate will be automatically selected from the certificate list. The Manage Client Certificates window will not open.
Specifies that the Manage Client Certificates window will not open when the Certificates command is run.
Specifies that the certificate that matches the specified thumbprint will be used. You can specify more than one certificate by separating individual thumbprints with a comma.
You use the Certificates command to configure the client certificates that are used by a deployment of Team Foundation Server that has been configured to use HTTPS/SSL and certificates. If you use the Certificates command with no options, a client certificate will be automatically selected from the current user context from which you run the command.
The following example shows how to specify the local machine certificate that has the thumbprint "aa bb cc dd ee" with no prompting.
The example companies, organizations, products, domain names, e-mail addresses, logos, people, places, and events depicted herein are fictitious. No association with any real company, organization, product, domain name, email address, logo, person, places, or events is intended or should be inferred.
TFSConfig Certificates /machine /thumbprint:aa bb cc dd ee /noprompt
The following example shows how to specify using automatic selection of a client certificate from the current user store.
TFSConfig Certificates /autoselect