Using HTTPS to access TeamCity server
This document describes how to configure various TeamCity server clients to use HTTPS for communicating with the server. We assume that you have already configured HTTPS in your web server. See how to do this for Tomcat here: http://tomcat.apache.org/tomcat-6.0-doc/ssl-howto.html.
If your certificate is valid (i.e. it was signed by a well known Certificate Authority like Verisign), then TeamCity clients should work with HTTPS without any additional configuration. All you have to do is to use https://
links to the TeamCity server instead of http://
.
If your certificate is not valid:
To enable HTTPS connections from TeamCity Visual Studio plugin and Tray notifier, point your Internet Explorer to the TeamCity server using
https://
URL and import the server certificate into the browser. After that Visual Studio Plugin and Windows Tray Notifier should be able to connect by HTTPS.To enable HTTPS connections from Java clients, save server certificate to a file, and then import it into the corresponding Java keystore using
keytool
program. By default, Java keystore is protected by password:changeit
For Build Agent import certificate, use the following command: {{
keytool -importcert -file <cert file> -keystore <agent installation path>/jre/lib/security/cacerts
{}}}For IntelliJ IDEA Plugin: {{
keytool -importcert -file <cert file> -keystore <path to JDK used by IntelliJ IDEA>/jre/lib/security/cacerts
{}}}For Eclipse Plugin: {{
keytool -importcert -file <cert file> -keystore <path to JDK used by Eclipse>/jre/lib/security/cacerts
{}}}
Authenticating from IDE plugin with help of client certificate
To authenticate from IDEA/Eclipse plugin using client certificate you should:
1. Export client certificate to pem format. For example, with help of Openssl:
openssl.exe pkcs12 -in cert.p12 -out cert.pem
2. Extract root certificate (certificate having the same issuer and subject fields) from pem file to separate file. The file should be looking like:
3. Import it with help of the following command:
keytool -import -trustcacerts -file root.pem -alias <root key alias, optional> -keystore <path to trust keystore file>
4. With help of Java 1.6 keytool create your own keystore on the base of p12 file (Java versions prior to 1.6 do not understand files in p12 format):
5. If you are using IDEA plugin add the following to the idea.exe.vmoptions file:
In case of Eclipse plugin pass these properties to the Eclipse. Restart your IDE and try to authenticate in TeamCity.