Configuring TeamCity to use HTTPS

How to setup TeamCity (tested with versions 8 and 9 on Windows) with https with not valid certificate.

HTTPS


Official TeamCity 9 documentation “Using HTTPS to access TeamCity server“.

1. Generate a key that is compatible with Java
Java has it’s own key generation tool called keytool. It is placed in jdk/bin folder.
Run it with a *.jks file as a keystore parameter. This file will contain new generated certificate.

C:\>keytool -genkey -alias teamcity -keyalg RSA -keystore c:\TeamCity\teamcity.jks
Enter keystore password:
Re-enter new password:
What is your first and last name?
  [Unknown]:  Mikael Chudinov
What is the name of your organizational unit?
  [Unknown]:  System
What is the name of your organization?
  [Unknown]:  Datametrix
What is the name of your City or Locality?
  [Unknown]:  Oslo
What is the name of your State or Province?
  [Unknown]:  Oslo
What is the two-letter country code for this unit?
  [Unknown]:  NO
Is CN=Mikael Chudinov, OU=System, O=Datametrix, L=Oslo, ST=Oslo, C=NO correct?
  [no]:  yes

Enter key password for <teamcity>
        (RETURN if same as keystore password):

 

There is a nice GUI tool called Key Store Explorer that can create and store Java keys for us.
Key Store Explorer Stored key can be verified with this tool.

2. Change TeamCity server configuration
Http(s) connection is configured via %TEAMCITY%\conf\server.xml file
Change Connector parameters and use attribute keystoreFile for file with the generated key.

<Connector port="8080" 
protocol="org.apache.coyote.http11.Http11NioProtocol" 
redirectPort="443" />

<Connector port="443" 
protocol="org.apache.coyote.http11.Http11NioProtocol"
		SSLEnabled="true"
		scheme="https" secure="true"
		connectionTimeout="60000"
		redirectPort="8543"
		clientAuth="false"
		sslProtocol="TLS" 
		useBodyEncodingForURI="true"
		keystoreFile="c:\TeamCity\teamcity.jks" keystorePass="datametrix" />

 

3. Change TeamCity Server URL setting
Login to TeamCity web interface as an administrator.
Under Administration -> Global Settongs -> Server Administration -> Server Url
Write a new URL using https there.

TeamCity_https

Restart TeamCity server.