TeamCity 4.0 Help

Using HTTPS to access TeamCity server

This document describes how to configure various TeamCity server clients to use HTTPS for communicating with the server. We assume that you have already configured HTTPS in your web server. See how to do this for Tomcat here: http://tomcat.apache.org/tomcat-6.0-doc/ssl-howto.html.

If your certificate is valid (i.e. it was signed by a well known Certificate Authority like Verisign), then TeamCity clients should work with HTTPS without any additional configuration. All you have to do is to use https:// links to the TeamCity server instead of http://.

If your certificate is not valid:

  • To enable HTTPS connections from TeamCity Visual Studio plugin and Tray notifier, point your Internet Explorer to the TeamCity server using https:// URL and import the server certificate into the browser. After that Visual Studio Plugin and Windows Tray Notifier should be able to connect by HTTPS.

  • To enable HTTPS connections from Java clients, save server certificate to a file, and then import it into the corresponding Java keystore using keytool program. By default, Java keystore is protected by password: changeit

  • For Build Agent import certificate, use the following command: {{keytool -importcert -file <cert file> -keystore <agent installation path>/jre/lib/security/cacerts {}}}

  • For IntelliJ IDEA Plugin: {{keytool -importcert -file <cert file> -keystore <path to JDK used by IntelliJ IDEA>/jre/lib/security/cacerts {}}}

  • For Eclipse Plugin: {{keytool -importcert -file <cert file> -keystore <path to JDK used by Eclipse>/jre/lib/security/cacerts {}}}

Authenticating from IDE plugin with help of client certificate

To authenticate from IDEA/Eclipse plugin using client certificate you should:

1. Export client certificate to pem format. For example, with help of Openssl:

openssl.exe pkcs12 -in cert.p12 -out cert.pem

2. Extract root certificate (certificate having the same issuer and subject fields) from pem file to separate file. The file should be looking like:

-----BEGIN CERTIFICATE----- MIIGUjCCBDqgAwIBAgIEAKmKxzANBgkqhkiG9w0BAQQFADBwMRUwEwYDVQQDEwxK ... -----END CERTIFICATE-----

3. Import it with help of the following command:

keytool -import -trustcacerts -file root.pem -alias <root key alias, optional> -keystore <path to trust keystore file>

4. With help of Java 1.6 keytool create your own keystore on the base of p12 file (Java versions prior to 1.6 do not understand files in p12 format):

keytool -importkeystore -deststorepass changeit -destkeypass changeit -destkeystore <path to your keystore> -srckeystore cert.p12 -srcstoretype PKCS12 -srcstorepass <password> -alias 1 -destalias <your key name in keystore>

5. If you are using IDEA plugin add the following to the idea.exe.vmoptions file:

-Djavax.net.ssl.keyStore=<path to your keystore> -Djavax.net.ssl.trustStore=<path to trust keystore> -Djavax.net.ssl.keyStorePassword=changeit

In case of Eclipse plugin pass these properties to the Eclipse. Restart your IDE and try to authenticate in TeamCity.

Last modified: 20 April 2023
Setting up Google Mail and Google Talk as Notification Servers TeamCity Disk Space Watcher