Dotnet-sonarscanner doesnt work with SSL (HTTPS)

SonarQube Server / Community Build
, ,
1

I have a server sonarqube on premisse (version 9.x), and it is configured with HTTPS protocol. However when I run dotnet-sonarscanner it show me an error message because ssl certificate.

Command:

dotnet-sonarscanner begin /k:multicanal-dcs-apl-back-dcs /d:sonar.login=blabla /d:sonar.password=xxxxxxx /d:sonar.host.url='https://sonar.company.com.br' /d:sonar.cs.vscoveragexml.reportsPaths=coverage.xml /d:sonar.scanner.force-deprecated-java-version=true /d:sonar.verbose=true

SonarScanner for MSBuild 5.2.1
Using the .NET Core version of the Scanner for MSBuild
Default properties file was found at /root/.dotnet/tools/.store/dotnet-sonarscanner/5.2.1/dotnet-sonarscanner/5.2.1/tools/net5.0/any/SonarQube.Analysis.xml
Loading analysis properties from /root/.dotnet/tools/.store/dotnet-sonarscanner/5.2.1/dotnet-sonarscanner/5.2.1/tools/net5.0/any/SonarQube.Analysis.xml
sonar.verbose=true was specified - setting the log verbosity to 'Debug'
Pre-processing started.
Preparing working directories...
Using environment variables to determine the download directory...
13:32:07.661  13:32:07.633  Loading analysis properties from /root/.dotnet/tools/.store/dotnet-sonarscanner/5.2.1/dotnet-sonarscanner/5.2.1/tools/net5.0/any/SonarQube.Analysis.xml
13:32:07.661  13:32:07.661  sonar.verbose=true was specified - setting the log verbosity to 'Debug'
13:32:07.663  Updating build integration targets...
13:32:07.67  Installed SonarQube.Integration.ImportBefore.targets to /root/.local/share/Microsoft/MSBuild/4.0/Microsoft.Common.targets/ImportBefore
13:32:07.671  Installed SonarQube.Integration.ImportBefore.targets to /root/.local/share/Microsoft/MSBuild/10.0/Microsoft.Common.targets/ImportBefore
13:32:07.671  Installed SonarQube.Integration.ImportBefore.targets to /root/.local/share/Microsoft/MSBuild/11.0/Microsoft.Common.targets/ImportBefore
13:32:07.672  Installed SonarQube.Integration.ImportBefore.targets to /root/.local/share/Microsoft/MSBuild/12.0/Microsoft.Common.targets/ImportBefore
13:32:07.672  Installed SonarQube.Integration.ImportBefore.targets to /root/.local/share/Microsoft/MSBuild/14.0/Microsoft.Common.targets/ImportBefore
13:32:07.673  Installed SonarQube.Integration.ImportBefore.targets to /root/.local/share/Microsoft/MSBuild/15.0/Microsoft.Common.targets/ImportBefore
13:32:07.674  Installed SonarQube.Integration.ImportBefore.targets to /root/.local/share/Microsoft/MSBuild/Current/Microsoft.Common.targets/ImportBefore
13:32:07.674  Installed SonarQube.Integration.ImportBefore.targets to /root/Microsoft/MSBuild/15.0/Microsoft.Common.targets/ImportBefore
13:32:07.675  Installed SonarQube.Integration.ImportBefore.targets to /root/Microsoft/MSBuild/Current/Microsoft.Common.targets/ImportBefore
13:32:07.694  Installed SonarQube.Integration.targets to /app/.sonarqube/bin/targets
13:32:07.695  Creating config and output folders...
13:32:07.696  Creating directory: /app/.sonarqube/conf
13:32:07.698  Creating directory: /app/.sonarqube/out
13:32:07.739  Downloading from https://sonar.safra.com.br/api/server/version...
13:32:08.029  Failed to request and parse 'https://sonar.safra.com.br/api/server/version': The SSL connection could not be established, see inner exception.
Unhandled exception. System.Net.Http.HttpRequestException: The SSL connection could not be established, see inner exception.
 ---> System.Security.Authentication.AuthenticationException: The remote certificate is invalid because of errors in the certificate chain: UntrustedRoot

==========================================

And when I put a path of certificated and password, it´s returning the following message:

dotnet-sonarscanner begin /k:project-apl-back /d:sonar.login=blabla /d:sonar.password=********** /d:sonar.host.url='https://sonar.company.com.br' /d:sonar.clientcert.path='.' /d:sonar.clientcert.password=changeit /d:sonar.cs.vscoveragexml.reportsPaths=coverage.xml /d:sonar.scanner.force-deprecated-java-version=true /d:sonar.verbose=true
SonarScanner for MSBuild 5.2.1
Using the .NET Core version of the Scanner for MSBuild
Default properties file was found at /root/.dotnet/tools/.store/dotnet-sonarscanner/5.2.1/dotnet-sonarscanner/5.2.1/tools/net5.0/any/SonarQube.Analysis.xml
Loading analysis properties from /root/.dotnet/tools/.store/dotnet-sonarscanner/5.2.1/dotnet-sonarscanner/5.2.1/tools/net5.0/any/SonarQube.Analysis.xml
sonar.verbose=true was specified - setting the log verbosity to 'Debug'
Pre-processing started.
Preparing working directories...
Using environment variables to determine the download directory...
13:39:58.986  13:39:58.979  Loading analysis properties from /root/.dotnet/tools/.store/dotnet-sonarscanner/5.2.1/dotnet-sonarscanner/5.2.1/tools/net5.0/any/SonarQube.Analysis.xml
13:39:58.986  13:39:58.986  sonar.verbose=true was specified - setting the log verbosity to 'Debug'
13:39:58.988  Updating build integration targets...
13:39:58.993  The file SonarQube.Integration.ImportBefore.targets is up to date at /root/.local/share/Microsoft/MSBuild/4.0/Microsoft.Common.targets/ImportBefore
13:39:58.993  The file SonarQube.Integration.ImportBefore.targets is up to date at /root/.local/share/Microsoft/MSBuild/10.0/Microsoft.Common.targets/ImportBefore
13:39:58.993  The file SonarQube.Integration.ImportBefore.targets is up to date at /root/.local/share/Microsoft/MSBuild/11.0/Microsoft.Common.targets/ImportBefore
13:39:58.993  The file SonarQube.Integration.ImportBefore.targets is up to date at /root/.local/share/Microsoft/MSBuild/12.0/Microsoft.Common.targets/ImportBefore
13:39:58.993  The file SonarQube.Integration.ImportBefore.targets is up to date at /root/.local/share/Microsoft/MSBuild/14.0/Microsoft.Common.targets/ImportBefore
13:39:58.993  The file SonarQube.Integration.ImportBefore.targets is up to date at /root/.local/share/Microsoft/MSBuild/15.0/Microsoft.Common.targets/ImportBefore
13:39:58.993  The file SonarQube.Integration.ImportBefore.targets is up to date at /root/.local/share/Microsoft/MSBuild/Current/Microsoft.Common.targets/ImportBefore
13:39:58.994  The file SonarQube.Integration.ImportBefore.targets is up to date at /root/Microsoft/MSBuild/15.0/Microsoft.Common.targets/ImportBefore
13:39:58.994  The file SonarQube.Integration.ImportBefore.targets is up to date at /root/Microsoft/MSBuild/Current/Microsoft.Common.targets/ImportBefore
13:39:59.016  Installed SonarQube.Integration.targets to /app/.sonarqube/bin/targets
13:39:59.017  Creating config and output folders...
13:39:59.018  Creating directory: /app/.sonarqube/conf
13:39:59.021  Creating directory: /app/.sonarqube/out
Unhandled exception. System.UnauthorizedAccessException: Access to the path '/app/.sonarqube' is denied.
 ---> System.IO.IOException: Permission denied
   --- End of inner exception stack trace ---
   at Microsoft.Win32.SafeHandles.SafeFileHandle.Open(String path, OpenFlags flags, Int32 mode)
   at System.IO.FileStream.OpenHandle(FileMode mode, FileShare share, FileOptions options)
   at System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options)
   at System.IO.File.ReadAllBytes(String path)

But I have access in all folders on the machine.

Some actions that I did:

  • chmod 777 on dolder and all items into it…
  • change password
  • import certificated by linux with keytool

Could you help me?

2

Hey there.

First things first, you should be using a much newer version of the SonarScanner for .NET. v5.2.1 was published in April 2021, and v8.0.2 is the most recent GA version. sonar.clientcert.password didn’t even exist until v5.2.2.