|
This document describes how to configure various TeamCity server clients to use HTTPS for communicating with the server. We assume that you have already configured HTTPS in your web server. See how to do this for Tomcat here: http://tomcat.apache.org/tomcat-6.0-doc/ssl-howto.html. If your certificate is valid (i.e. it was signed by a well known Certificate Authority like Verisign), then TeamCity clients should work with HTTPS without any additional configuration. All you have to do is to use https:// links to the TeamCity server instead of http://. If your certificate is not valid:
Authenticating from IDE plugin with help of client certificateTo authenticate from IDEA/Eclipse plugin using client certificate you should: 1. Export client certificate to pem format. For example, with help of Openssl: openssl.exe pkcs12 -in cert.p12 -out cert.pem 2. Extract root certificate (certificate having the same issuer and subject fields) from pem file to separate file. The file should be looking like: -----BEGIN CERTIFICATE----- MIIGUjCCBDqgAwIBAgIEAKmKxzANBgkqhkiG9w0BAQQFADBwMRUwEwYDVQQDEwxK ... -----END CERTIFICATE----- 3. Import it with help of the following command: keytool -import -trustcacerts -file root.pem -alias <root key alias, optional> -keystore <path to trust keystore file>
4. With help of Java 1.6 keytool create your own keystore on the base of p12 file (Java versions prior to 1.6 do not understand files in p12 format): keytool -importkeystore -deststorepass changeit -destkeypass changeit -destkeystore <path to your keystore> -srckeystore cert.p12 -srcstoretype PKCS12 -srcstorepass <password> -alias 1 -destalias <your key name in keystore> 5. If you are using IDEA plugin add the following to the idea.exe.vmoptions file: -Djavax.net.ssl.keyStore=<path to your keystore> -Djavax.net.ssl.trustStore=<path to trust keystore> -Djavax.net.ssl.keyStorePassword=changeit In case of Eclipse plugin pass these properties to the Eclipse. Restart your IDE and try to authenticate in TeamCity. |