|You are viewing documentation of TeamCity 5.x, which is not the most recent released version of TeamCity. Please refer to the listing to choose another version.|
This document describes how to configure various TeamCity server clients to use HTTPS for communicating with the server. We assume that you have already configured HTTPS in your web server.
If your certificate is valid (i.e. it was signed by a well known Certificate Authority like Verisign), then TeamCity clients should work with HTTPS without any additional configuration. All you have to do is to use https:// links to the TeamCity server instead of http://.
If your certificate is not valid:
Importing client certificate
1. If you have your certificate in p12 file, you can use the following command to convert it to a Java keystore. Make sure you use keytool from JDK 1.6 because earlier versions may not understand p12 format.
This commands extracts the certificate with alias "1" from your .p12 file and adds it to Java keystore
Here, keypass should be equal to storepass because only storepass is supplied to JVM and if keypass is different, one may get error: "java.security.NoSuchAlgorithmException: Error constructing implementation (algorithm: Default, provider: SunJSSE, class: com.sun.net.ssl.internal.ssl.DefaultSSLContextImpl)".
Importing root certificate to organaize a chain of trust
2. You should first extract the root certificate from your certificate. You can do this from a web browser if you have the certificate installed, or you can do this with OpenSSL tool using the command:
You should know <path to your .p12 certificate> and it's password (to enter it when prompted). You should specify new values for <path to your certificate in .pem format> and for the pem pass phrase when prompted.
3. Then you should extract the root certificate (the root certificate should have the same issuer and subject fields) from the pem file (it has text format) to a separate file. The file should look like:
Let's assume it's name is <path to root certificate>.
4. Now import the root certificate to the trusted keystore with the command:
Here you can use new values for <trust keystore path> and <trust keystore password> (or use existing trust keystore).
Now you need to pass the following parameters to the JVM when running the appllication:
For IntelliJ IDEA you can add the lines into bin\idea.exe.vmoptions file (one option per line).