TeamCity build agent becomes disconnected after adding self-signed https certificate to teamcity

Question

I added a self-signed certificate to my Teamcity BuildServer to introduce https support so that it can now be accessed at

https://ServerUrl:8443

(More details about how here )

The result was that I was able access the server via https, but my build agent was now disconnected. How to fix this?

Answer 1

The build agent works as a client to the build server and communicates with it using http/https, and it turns out that when you add a self-signed certificate the build agent does not accept it.

I needed to

1. Let the build agent know the new path for communicating with the server
2. Let the build agent know that it could trust the self-signed certificate

To change the path I did the following (see this post for more details )

Locate the file:
$TEAMCITY_HOME/buildAgent/conf/buildAgent.properties

Change the property
serverUrl=http:\://localhost\:8080 to your new url

To let the build agent know that it could trust the new certificate I had to import it into the build agent's key store.This was done using keytool:

keytool -importcert -file <cert file>  
        -keystore <agent installation path>/jre/lib/security/cacerts

( unless you've changed it, the keystore is protected by password: changeit)

The TeamCity team describes this process in slightly more details here

NOTE
If you need to retrieve your certificate from the TeamCity buildserver keystore, you can also use keytool to do this :

keytool -export -alias <alias name>  
        -file <certificate file name> 
        -keystore <Teamcity keystore path>