[SOLVED] TeamCity Agent Push on Linux - wget certificate error in bootstrap.sh

TeamCity fails to execute Agent Push on my Linux client, because the TeamCity Server has a self-signed certificate. I would very much like to have the certificate ignored as the wget error suggests, but the bootstrap.sh shell script being execured remotely seems to be newly generated each time in the server's temp folder, so I cannot insert the parameter before the script is pushed.

Any suggestions? Obviously, having all certificates of the servers signed is not preferred... :-)

Agent Push log:

Downloading Agent's Installation from https://teamcity.example.com to /home/teamcity...
Looking for 'wget'...
'wget' found:
GNU Wget 1.17.1 built on linux-gnu.
+digest -gpgme +https +ipv6 +iri +large-file -metalink +nls +ntlm
--2018-03-13 17:54:36-- https://teamcity.example.com/update/buildAgent.zip
Resolving teamcity.example.com (teamcity.example.com)...
Connecting to teamcity.example.com (teamcity.example.com)||:443... connected.
ERROR: cannot verify teamcity.example.com's certificate, issued by emailAddress=admin@example.com,CN=*.example.com,OU=CEE,O=Example Com,L=London,ST=Great Britain,C=GB:
Self-signed certificate encountered.
To connect to teamcity.example.com insecurely, use `--no-check-certificate'.
Could not download Agent from 'https://teamcity.example.com/update/buildAgent.zip'. Terminating[1]
Comment actions Permalink

I'd suggest to add CA certificate used to sign server certificate onto machine prior to running agent-push.

Even if you succeed with ignoring wget/curl errors, agent won't connect to server unless certificate is trusted, it should be marked as trusted in JVM keytool.

Here's some details in related issue with agent-push to Windows machines

Comment actions Permalink

Thanks for the hint, that worked well:

sudo cp newCertificate.crt /usr/local/share/ca-certificates
sudo update-ca-certificates --fresh

After that, wget would not have troubles anymore to download the buildAgent.zip file during the AgentPush operation.


Please sign in to leave a comment.