Azure DevOps [Server Prepare analyse on SonarQube] task issue with HTTPS

Hi the team,

We are experiencing an issue with the Prepare analyse on SonarQube task of Azure DevOps Server 2019 Update 1.1.

Our SonarQ is an on premise version 8.2

If we use the service with the https URL of SonarQ the pipeline fails and return the following message: [SQ] API GET ‘/api/server/version’ failed, error was: {“code”:“UNABLE_TO_VERIFY_LEAF_SIGNATURE”}

It works when we contact SonarQ with the http URL.

Certificates are installed both on CI Server and SonarQ Community Edition (8.2 build 32929)

Nothing clear and official on the web about this issue. What could be the problem?

thanks in advance

Regards

Hi @Lu_Do and welcome to the community !

Prepare analysis make some HTTP calls against your SQ instance using Node.js, so you need to explicitly tell Node to use this or that certificate using the NODE_EXTRA_CA_CERTS environment variable. (containing the path where your certs are stored)
Make sure that this one will be available with the task, a restart of the agent is always needed.

HTH,
Mickaël

Tip top! Clear enough to go forwad.But now I have another issue. the prepare analyse on sonarQube passed but I receive the following message on the run code analysis task:
ERROR: SonarQube server [******] can not be reach.
Firewall is opened between both servers (CI and SQ)
Any idea ?
Thanks in advance

I think it’s still a certificate issue. (We are making call by different ways : Node.js for the Prepare task, and most often in Java in the Run Code Analysis) Do you have the exact error show ? Is there any stack trace ?

Thanks

here the trace log extracted from the build pipeline:

Thanks8.txt (22.2 KB)

Thanks !

here’s the real error : Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

Can you check that your JVM has the correct path to your SQ certificate ?

1 Like

Thanks Mickaël! Indeed, the certificate was not in the cacerts file. Now it works fine ! thanks for the support

1 Like

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.