I resolved my problem by following the steps below.
Step 1: Install the PFX Certificate on Windows
Locate the PFX Certificate:
- Go to the location where your `.pfx` file is stored (e.g., `C:\cert\cert.pfx`).
Install the Certificate:
- Right-click on the `.pfx` file and select Install Certificate.
- Choose the Local Machine option.
- Choose the certificate store:
- Personal or Trusted Root Certification Authorities if the certificate is for root authentication.
- Enter the certificate password when prompted.
Change the Certificate for the SITE in IIS (SonarQube):
- Select the site in IIS.
- In the right-hand side panel, click on Bindings.
- Select the route/port and change the certificate.
Step 2: Export the PFX Certificate to Base64 Format (.cer)
After installing the certificate, export it in Base64 format to be used in the commands.
Open Windows Certificate Manager:
Press Win + R, type `certmgr.msc`, and press Enter.
Locate the Certificate:
- In the left panel, expand Personal or Trusted Root Certification Authorities, and click on Certificates.
- Find the certificate you just installed.
Export the Certificate:
- Right-click on the certificate and select All Tasks → Export.
- Choose to export without the private key.
- Select the Base-64 encoded X.509 (.CER) format and save the file as `C:\certificado\certexport.cer`.
Step 3: Add the Certificate to the Windows Truststore (Servers)
Now, add the exported certificate to the Windows Truststore on both servers: Azure DevOps and SonarQube.
Open Command Prompt as Administrator:
- Execute the following command to add the certificate to the “ROOT” store:
```
certutil -addstore -f "ROOT" C:\certificado\certexport.cer
```
- This will add the certificate to the trusted certificate store on the server.
Step 4: Add the Certificate to the Java Truststore (Servers)
You also need to add the certificate to the Java Truststore (`cacerts`) on both servers if SonarScanner or SonarQube depends on Java.
Locate the Java Truststore:
- The `cacerts` file is usually located at `C:\Program Files\Java\jdk-17\lib\security\cacerts`.
Add the Certificate to the Java Truststore:
- Use the `keytool` command to import the certificate into the Java truststore.
Java Default Tool for Managing Certificates:
The default Java tool to manage certificates in the keystore is located at:
```
"C:\Program Files\Java\jdk-17\bin\keytool.exe" -import -trustcacerts -keystore "C:\Program Files\Java\jdk-17\lib\security\cacerts" -storepass changeit -alias <alias> -file C:\cert\certexport.cer
```
Explanation of Parameters:
- `-keystore`: Defines the path to the `cacerts` file.
- `-storepass`: Defines the password for the truststore (default is `changeit`).
- `-alias`: Defines an alias for the certificate in the truststore.
- `-file`: Path to the exported certificate (in Base64 format).
Step 5: Restart to Apply Changes
Additional documentation: Managing TLS certificates on the client side
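
One way to confirm that Steps 3 and 4 took effect on each server, as an added example that is not part of the original post: the script checks that the exported `.cer` holds no private key, then looks for it in the Windows `ROOT` store and in the Java `cacerts`. The parameter names and the result object are hypothetical; the paths and password are the ones quoted in the post, and the fingerprint match assumes `keytool -list` prints SHA-256 fingerprints, as JDK 17 does.

```powershell
# Added example: verify the exported certificate is trusted by Windows and by Java.
# Run in an elevated PowerShell session on each server. Defaults mirror the post.
param(
    [string]$CerPath   = 'C:\certificado\certexport.cer',
    [string]$JavaHome  = 'C:\Program Files\Java\jdk-17',
    [string]$StorePass = 'changeit'   # default cacerts password
)

$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $CerPath

# The file copied between servers must contain the public certificate only.
if ($cert.HasPrivateKey) { throw "Exported file contains a private key: $CerPath" }
if ($cert.NotAfter -lt (Get-Date)) {
    Write-Warning "Certificate expired on $($cert.NotAfter)"
}

# Windows: certificates in Cert:\ are addressed by their SHA-1 thumbprint.
$inWindowsRoot = Test-Path "Cert:\LocalMachine\Root\$($cert.Thumbprint)"

# Java: keytool lists each entry with a colon-separated SHA-256 fingerprint,
# so compute the same value from the certificate's DER bytes and search for it.
$sha256      = [System.Security.Cryptography.SHA256]::Create()
$fingerprint = [BitConverter]::ToString($sha256.ComputeHash($cert.RawData)) -replace '-', ':'
$keytool     = Join-Path $JavaHome 'bin\keytool.exe'
$cacerts     = Join-Path $JavaHome 'lib\security\cacerts'
$listing     = & $keytool -list -keystore $cacerts -storepass $StorePass
$inJavaStore = [bool]($listing | Select-String -SimpleMatch $fingerprint)

[pscustomobject]@{
    Subject       = $cert.Subject
    NotAfter      = $cert.NotAfter
    Sha256        = $fingerprint
    InWindowsRoot = $inWindowsRoot
    InJavaCacerts = $inJavaStore
}
```

If `InJavaCacerts` is false while the import reported success, check that `$JavaHome` points at the same JDK that SonarScanner or SonarQube actually runs with.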