I am trying to configure “Prepare Analysis Configuration” against one of our sonarqube severs that uses a certificate signed by our own CA. I have added the certificate to the java cacerts in the agent, but the following error is thrown:
[SQ] API GET ‘/api/server/version’ failed, error was: {“code”:“DEPTH_ZERO_SELF_SIGNED_CERT”}
What actions / properties need to be done to configure the task against a Sonarqube server that uses a certificate signed by our own CA.
First of all sorry for the long delay, we are not used to deal with certificate problems.
SonarQube relies in JVM’s truststore and keystore for https authentication, so the steps you took should be enough.
Can you successfully access api/server/version using another tool or a web server?
Is there any proxy between the scanner and the server?
I am able to properly access the server from any other resource.
There is no proxy.
I think that the issue is related in how the configure task works; I think it uses some kind of nodejs wrapper? So, even if I add the certificate to the java trustore, the task that sets the configuration uses a different runtime (not java at least) to communicate with the server, that’s why I still get that certificate error.
You might try using the NODE_EXTRA_CA_CERTS environment variable and setting it to a file with your root cert (I’ll admit my detailed knowledge of this is a little lacking, but this should get you on the right path).
With that property, it did the trick and properly used the certificate. I have not finished the integration (different error from the certificate) but I think I could continue.