How to configure TeamCity for HTTPS access only using the Windows Server installation

I have a TeamCity installation on a Windows Server I am trying to set up to allow https access for non-local team members.  This is the first time I have done this and I am getting confused by the documentation from TeamCity and Apache.

I have a SSL cert generated from a trusted global ca but I am seemingly unable to figure out what I am doing wrong.

I followed the directions here http://tomcat.apache.org/tomcat-6.0-doc/ssl-howto.html.

I generated a keystore.  I imported my gobal ca's intermediate certificate into the keystore and I imported my certificate into the keystore.

I added a connector to the server.xml file to point to my keystore.

<Connector port="8543" protocol="HTTP/1.1" SSLEnabled="true"
               maxThreads="150" scheme="https" secure="true"
               keystoreFile="<user profile>\.keystore"
               keystorePass="<password>"
               clientAuth="false" sslProtocol="TLS" />

However, when I visit my site on port 8543 my browser tells me something is wrong with my certificate.

I have a feeling I have really missed something.  Thoughts?

3 comments
Comment actions Permalink

Hi Adam

The configurations seems correct.
Recheck why exactly a browser rejects the certificate, and consult with its provider.

Michael

0
Comment actions Permalink

Michael,

Quick question about the config settings.  I've been reading about SSL in tomcat and I see something that says I need to change some httpd.conf or SSL.conf files or something wih the following:

SSLEngine on
SSLCertificateFile /path/to/your/apacheconf/ssl.crt/server.crt
SSLCertificateKeyFile /path/to/your/apacheconf/ssl.key/server.key

Do I need to do this with TeamCity's webserver?  If so, where do I find the file specifically I need to change.  I've searched through the TeamCity installation directory and can't find any such file(s).  If not, I'll try it again and check with the certificate provider.

Thanks,
Adam

0
Comment actions Permalink

They are settings for Apache HTTP Server. This is different tool, so i don't think it's related.
Check for errors in a browser - this is a key for further troubleshooting.

Michael

0

Please sign in to leave a comment.