Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

TeamCity build agent becomes disconnected after adding self-signed https certificate to teamcity

Tags:

security

https

teamcity

teamcity-7.0

build-agent

I added a self-signed certificate to my Teamcity BuildServer to introduce https support so that it can now be accessed at 

https://ServerUrl:8443

(More details about how here )

The result was that I was able access the server via https, but my build agent was now disconnected. How to fix this?

like image 333
Rune Vejen Petersen Avatar asked Feb 20 '13 12:02

Rune Vejen Petersen

People also ask

How do I add a SSL certificate to TeamCity?

Go to Administration | Projects and click <Root project> in the project tree. In the Root project's settings, open the SSL/HTTPS Certificates tab. Click Upload certificate, specify the certificate name and choose a certificate file of one of the supported formats: PEM, DER or PKCS#7. Save your changes.

How do I authorize a build agent on TeamCity?

If a build agent is installed and running on the same computer as the TeamCity build server, it is authorized automatically. Agents are manually enabled/disabled via the web UI. The TeamCity server only distributes builds to agents that are enabled.

How do I enable my TeamCity agent?

Agents can be manually enabled/disabled via the web UI by clicking the status icon (1) next to the agent's name. Optionally, you can tell TeamCity to automatically disable/enable the agent after a period of time and enter your comment. TeamCity will follow the instructions and show the comment icon (2).

1 Answers

The build agent works as a client to the build server and communicates with it using http/https, and it turns out that when you add a self-signed certificate the build agent does not accept it.

I needed to

  1. Let the build agent know the new path for communicating with the server
  2. Let the build agent know that it could trust the self-signed certificate

To change the path I did the following (see this post for more details )

Locate the file:
$TEAMCITY_HOME/buildAgent/conf/buildAgent.properties

Change the property
serverUrl=http:\://localhost\:8080 to your new url

To let the build agent know that it could trust the new certificate I had to import it into the build agent's key store.This was done using keytool:

keytool -importcert -file <cert file>  
        -keystore <agent installation path>/jre/lib/security/cacerts

( unless you've changed it, the keystore is protected by password: changeit)

The TeamCity team describes this process in slightly more details here

NOTE
If you need to retrieve your certificate from the TeamCity buildserver keystore, you can also use keytool to do this :

keytool -export -alias <alias name>  
        -file <certificate file name> 
        -keystore <Teamcity keystore path>
like image 178
Rune Vejen Petersen Avatar answered Sep 18 '22 16:09

Rune Vejen Petersen
Sign in to Comment

Related questions

Breaking Data.Set integrity without GeneralizedNewtypeDeriving
Why is it not recommended to use server-side stored functions in MongoDB?
Share credentials between native app and web site
Handling sensitive information with Puppet
security error the operation is insecure in firefox document.stylesheets
NDK application Signature Check
Which version of Kafka are impacted due to log4j CVE-2021-44228?
Best practices for detecting DOS (denial of service) attacks? [closed]
How to convert anything to a String safely in JavaScript
How is my data secure with firebase?
ASP.NET Session Mix-up using StateServer (SCARY!)
Is the Parse SDK worth it? (cost-effective?) [closed]
What are the default security groups created when I set up AWS EB for the first time?
SQL Linked Server returns error "no login-mapping exists" when non-admin account is used
How secure is your password in LDAP?
Does my code prevent directory traversal?
Is it a bad practice to expose the database ID to the client in your REST API?
Is there any danger to creating UUID in Javascript client-side?
How to demonstrate an exploit of extract($_POST)?
API design and security: Why hide internal ids?

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!