将自签名https证书添加到teamcity后,TeamCity构建代理将断开连接 [英] TeamCity build agent becomes disconnected after adding self-signed https certificate to teamcity
问题描述
我在我的Teamcity BuildServer中添加了一个自签名证书,以引入https支持,现在可以在
I added a self-signed certificate to my Teamcity BuildServer to introduce https support so that it can now be accessed at
https://ServerUrl:8443
(有关在哪里)
结果是我能够访问服务器通过https,但我的构建代理现已断开连接。如何解决这个问题?
The result was that I was able access the server via https, but my build agent was now disconnected. How to fix this?
推荐答案
构建代理作为构建服务器的客户端,并使用http / https与之通信,事实证明,当您添加自签名证书时,构建代理不接受它。
The build agent works as a client to the build server and communicates with it using http/https, and it turns out that when you add a self-signed certificate the build agent does not accept it.
我需要
- 让构建代理知道与服务器通信的新路径
- 让构建代理知道它可以信任自签名证书
To change the path I did the following (see this post for more details )
找到文件:
$ TEAMCITY_HOME / buildAgent / conf / buildAgent.properties
更改房产
serverUrl = http: \:// localhost \:8080 到您的新网址
让构建代理知道它可以信任新证书我必须将其导入构建代理的密钥存储区。这是使用keytool完成的:
To let the build agent know that it could trust the new certificate I had to import it into the build agent's key store.This was done using keytool:
keytool -importcert -file <cert file>
-keystore <agent installation path>/jre/lib/security/cacerts
( 除非您已更改密钥,否则密钥库受密码保护:更改)
TeamCity团队更详细地描述了此过程这里
The TeamCity team describes this process in slightly more details here
注意
如果您需要从TeamCity构建服务器密钥库中检索证书,还可以使用keytool执行此操作:
NOTE
If you need to retrieve your certificate from the TeamCity buildserver keystore, you can also use keytool to do this :
keytool -export -alias <alias name>
-file <certificate file name>
-keystore <Teamcity keystore path>
这篇关于将自签名https证书添加到teamcity后,TeamCity构建代理将断开连接的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!