TeamCity supports using HTTPS access, however they don't provide instructions for configuring this - rather they point you to a set of third-party instructions which are difficult to piece together and are not really clear for people who 1) aren't familiar with Java and 2) are running on a Windows server. So in this post, I'm documenting the steps I followed to get a TeamCity 8.1 server up and running with an SSL cert purchased from a signing authority.
Step 1: Create a PKCS#12 Cert File
If you already have a version of your cert that ends with .p12 or .pfx, you can skip this step. Otherwise, you likely have a .cert, .cer or .crt file. You'll need to convert it to PKCS#12 format using the instructions I've provided in a separate post: Converting a SSL Certificate to PKCS#12 Format on Windows
I suggest placing the file in the
/conf folder of your TeamCity installation.
Step 2: Configure the TeamCity server Connector
/conf/server.xml file in your TeamCity installation folder with your favorite text editor and find the
<Service name="Catalina"> section where it defines the
<Connector> entry. Add an entry as follows:
<Connector port="443" protocol="HTTP/1.1" SSLEnabled="true" scheme="https" secure="true" clientAuth="false" sslProtocol="TLS" keystoreFile="C:/your.path/TeamCity/conf/exportedCert.pfx" keystorePass="yourpassword" keystoreType="PKCS12" maxThreads="150" />
port is the listening port for HTTPS. The standard port for HTTPS is 443.
keystoreFile is the correct path to the .pfx file (hit,
Shift-Right-Click the file and choose "Copy as path". Make sure to use forward slashes in your path here, not the standard Windows back-slashes.
keystorePass is the password for the cert (change
yourpassword to your actual password)
Now save and restart the server!
If there were any issues, they will be logged into the
/log/catalina*.log file, so take a look there if things don't "just work".
Also, don't forget to set the URL in the server's configuration page so that emails, etc, use the new URL.