Configuring TeamCity for HTTPS on Windows

Header Photo Credit: Lorenzo Cafaro (Creative Commons Zero License)

TeamCity supports using HTTPS access, however they don't provide instructions for configuring this - rather they point you to a set of third-party instructions which are difficult to piece together and are not really clear for people who 1) aren't familiar with Java and 2) are running on a Windows server. So in this post, I'm documenting the steps I followed to get a TeamCity 8.1 server up and running with an SSL cert purchased from a signing authority.

Step 1: Create a PKCS#12 Cert File

If you already have a version of your cert that ends with .p12 or .pfx, you can skip this step. Otherwise, you likely have a .cert, .cer or .crt file. You'll need to convert it to PKCS#12 format using the instructions I've provided in a separate post: Converting a SSL Certificate to PKCS#12 Format on Windows

I suggest placing the file in the /conf folder of your TeamCity installation.

Step 2: Configure the TeamCity server Connector

Open the /conf/server.xml file in your TeamCity installation folder with your favorite text editor and find the <Service name="Catalina"> section where it defines the <Connector> entry. Add an entry as follows:

    <Connector port="443" 

Where: - port is the listening port for HTTPS. The standard port for HTTPS is 443. - keystoreFile is the correct path to the .pfx file (hit, Shift-Right-Click the file and choose "Copy as path". Make sure to use forward slashes in your path here, not the standard Windows back-slashes. - keystorePass is the password for the cert (change yourpassword to your actual password)

Now save and restart the server!

If there were any issues, they will be logged into the /log/catalina*.log file, so take a look there if things don't "just work".

Also, don't forget to set the URL in the server's configuration page so that emails, etc, use the new URL.