How to integrate with Teamcity behind SSL reverse proxy


I installed Teamcity behind an apache web server to serve as an SSL termination point. This works correctly. Just when I try to set up the Teamcity integration in youtrack I seem to run into a problem with the SSL certificate. The "Test connection" link outputs the following error:

Can't connect to TeamCity: PKIX path building failed: unable to find valid certification path to requested target

The SSL certificate I use on the web server is signed by a private CA. The certifcate of this CA is imported and set to trusted in the default keystore of the JVM that is used to run youtrack. I'm under the impression that youtrack ignores this keystore and may be using some own keystore. Where can this keystore be found so that I may add the CA certificate there too?

Please note: I do not want to authenticate youtrack to teamcity by the use of client certificates if I'm not somehow forced too. All I care for is that HTTPS is used for the communication.
1 comment
Comment actions Permalink
My bad... It turned out that the keystore (cacerts) of the JVM in use by Jetty actually didn't contain the CA certificate. After I added it and restarted jetty youtrack was able to access TeamCity behind SSL.

Please sign in to leave a comment.