How to setup TeamCity (tested with versions 8 and 9 on Windows) with https with not valid certificate.
Official TeamCity 9 documentation “Using HTTPS to access TeamCity server“.
1. Generate a key that is compatible with Java
Java has it’s own key generation tool called keytool. It is placed in jdk/bin folder.
Run it with a *.jks file as a keystore parameter. This file will contain new generated certificate.
C:\>keytool -genkey -alias teamcity -keyalg RSA -keystore c:\TeamCity\teamcity.jks Enter keystore password: Re-enter new password: What is your first and last name? [Unknown]: Mikael Chudinov What is the name of your organizational unit? [Unknown]: System What is the name of your organization? [Unknown]: Datametrix What is the name of your City or Locality? [Unknown]: Oslo What is the name of your State or Province? [Unknown]: Oslo What is the two-letter country code for this unit? [Unknown]: NO Is CN=Mikael Chudinov, OU=System, O=Datametrix, L=Oslo, ST=Oslo, C=NO correct? [no]: yes Enter key password for <teamcity> (RETURN if same as keystore password):
There is a nice GUI tool called Key Store Explorer that can create and store Java keys for us.
Stored key can be verified with this tool.
2. Change TeamCity server configuration
Http(s) connection is configured via %TEAMCITY%\conf\server.xml file
Change Connector parameters and use attribute keystoreFile for file with the generated key.
<Connector port="8080" protocol="org.apache.coyote.http11.Http11NioProtocol" redirectPort="443" /> <Connector port="443" protocol="org.apache.coyote.http11.Http11NioProtocol" SSLEnabled="true" scheme="https" secure="true" connectionTimeout="60000" redirectPort="8543" clientAuth="false" sslProtocol="TLS" useBodyEncodingForURI="true" keystoreFile="c:\TeamCity\teamcity.jks" keystorePass="datametrix" />
3. Change TeamCity Server URL setting
Login to TeamCity web interface as an administrator.
Under Administration -> Global Settongs -> Server Administration -> Server Url
Write a new URL using https there.
Restart TeamCity server.