[error][SQ] API GET ‘/api/server/version’ failed,error was: {“code”:“UNABLE_TO_VERIFY_LEAF_SIGNATURE

sg1 · July 6, 2022, 8:19am

I am using Azure Devops Pipelines. In pipelines, I have sonarqube tasks. As of the moment, first sonarqube task, which is prepare sonarqube, is giving this error
“API GET ‘/api/server/version’ failed, error was: {“code”:“UNABLE_TO_VERIFY_LEAF_SIGNATURE”}”
Here is the log file:

2022-07-05T12:56:10.7581518Z ##[debug]Evaluating condition for step: 'SOnarqube Prepare'
2022-07-05T12:56:10.7583374Z ##[debug]Evaluating: SucceededNode()
2022-07-05T12:56:10.7583966Z ##[debug]Evaluating SucceededNode:
2022-07-05T12:56:10.7585300Z ##[debug]=> True
2022-07-05T12:56:10.7585876Z ##[debug]Result: True
2022-07-05T12:56:10.7586490Z ##[section]Starting: SOnarqube Prepare
2022-07-05T12:56:10.7745725Z ==============================================================================
2022-07-05T12:56:10.7746349Z Task         : Prepare Analysis Configuration
2022-07-05T12:56:10.7746856Z Description  : Prepare SonarQube analysis configuration
2022-07-05T12:56:10.7747267Z Version      : 5.6.0
2022-07-05T12:56:10.7747769Z Author       : sonarsource
2022-07-05T12:56:10.7748540Z Help         : Version: 5.6.0. [More Information](http://redirect.sonarsource.com/doc/install-configure-scanner-tfs-ts.html)
2022-07-05T12:56:10.7749279Z ==============================================================================
2022-07-05T12:56:10.8119366Z ##[debug]Using node path: C:\agent\externals\node10\bin\node.exe
2022-07-05T12:56:10.9923557Z ##[debug]agent.TempDirectory=C:\agent\_work\_temp
2022-07-05T12:56:10.9955957Z ##[debug]loading inputs and endpoints
2022-07-05T12:56:10.9973562Z ##[debug]loading ENDPOINT_AUTH_46dc9408-08d5-49a8-b68b-1958582194e6
2022-07-05T12:56:10.9994246Z ##[debug]loading ENDPOINT_AUTH_PARAMETER_46dc9408-08d5-49a8-b68b-1958582194e6_USERNAME
2022-07-05T12:56:11.0005775Z ##[debug]loading ENDPOINT_AUTH_PARAMETER_SYSTEMVSSCONNECTION_ACCESSTOKEN
2022-07-05T12:56:11.0015751Z ##[debug]loading ENDPOINT_AUTH_SCHEME_46dc9408-08d5-49a8-b68b-1958582194e6
2022-07-05T12:56:11.0025319Z ##[debug]loading ENDPOINT_AUTH_SCHEME_SYSTEMVSSCONNECTION
2022-07-05T12:56:11.0035018Z ##[debug]loading ENDPOINT_AUTH_SYSTEMVSSCONNECTION
2022-07-05T12:56:11.0062791Z ##[debug]loading INPUT_CLIPROJECTVERSION
2022-07-05T12:56:11.0065739Z ##[debug]loading INPUT_CLISOURCES
2022-07-05T12:56:11.0067422Z ##[debug]loading INPUT_CONFIGFILE
2022-07-05T12:56:11.0069100Z ##[debug]loading INPUT_CONFIGMODE
2022-07-05T12:56:11.0070510Z ##[debug]loading INPUT_EXTRAPROPERTIES
2022-07-05T12:56:11.0071759Z ##[debug]loading INPUT_PROJECTVERSION
2022-07-05T12:56:11.0072949Z ##[debug]loading INPUT_SCANNERMODE
2022-07-05T12:56:11.0074097Z ##[debug]loading INPUT_SONARQUBE
2022-07-05T12:56:11.0075471Z ##[debug]loading SECRET_SYSTEM_ACCESSTOKEN
2022-07-05T12:56:11.0076532Z ##[debug]loaded 15
2022-07-05T12:56:11.0077768Z ##[debug]Agent.ProxyUrl=undefined
2022-07-05T12:56:11.0078929Z ##[debug]Agent.CAInfo=C:\node-trustet-root-cas\bpe-dc.pem
2022-07-05T12:56:11.0080260Z ##[debug]Agent.ClientCert=undefined
2022-07-05T12:56:11.0081536Z ##[debug]expose agent certificate configuration.
2022-07-05T12:56:11.0082618Z ##[debug]Agent.SkipCertValidation=undefined
2022-07-05T12:56:11.3884243Z ##[debug]SonarQube=46dc9408-08d5-49a8-b68b-1958582194e6
2022-07-05T12:56:11.3887220Z ##[debug]46dc9408-08d5-49a8-b68b-1958582194e6=https://sonarqube.bpe.local/
2022-07-05T12:56:11.3891332Z ##[debug]46dc9408-08d5-49a8-b68b-1958582194e6 auth param apitoken = undefined
2022-07-05T12:56:11.3895300Z ##[debug]46dc9408-08d5-49a8-b68b-1958582194e6 auth param username = ***
2022-07-05T12:56:11.3897359Z ##[debug]46dc9408-08d5-49a8-b68b-1958582194e6 auth param password = undefined
2022-07-05T12:56:11.3899116Z ##[debug]organization=undefined
2022-07-05T12:56:11.3900744Z ##[debug]scannerMode=Other
2022-07-05T12:56:11.3902480Z ##[debug][SQ] API GET: '/api/server/version' with query "undefined"
2022-07-05T12:56:11.4368519Z ##[debug][SQ] API GET '/api/server/version' failed, error was: {"code":"UNABLE_TO_VERIFY_LEAF_SIGNATURE"}
2022-07-05T12:56:11.4375854Z ##[debug]task result: Failed
2022-07-05T12:56:11.4381247Z ##[error][SQ] API GET '/api/server/version' failed, error was: {"code":"UNABLE_TO_VERIFY_LEAF_SIGNATURE"}
2022-07-05T12:56:11.4383996Z ##[debug]Processed: ##vso[task.issue type=error;][SQ] API GET '/api/server/version' failed, error was: {"code":"UNABLE_TO_VERIFY_LEAF_SIGNATURE"}
2022-07-05T12:56:11.4396989Z ##[debug]Processed: ##vso[task.complete result=Failed;][SQ] API GET '/api/server/version' failed, error was: {"code":"UNABLE_TO_VERIFY_LEAF_SIGNATURE"}

This problem occured after we changed the connection to an SSL based one using “https”-URLs. do you guys have any suggestions, what would be the solution?

already done:

adapted https endpoint with token in service connection in azure devops
added capabilities of NODE_CA_CERTS to agents in azure devops server
HTTPS Configuration in Sonarqube server according to this Documentation

Thank you in advance

ganncamp · July 7, 2022, 4:30pm

Hi,

Welcome to the community!

This thread may help:

Ann

sg1 · July 8, 2022, 7:22am

Thank you for your reply. I have already added NODE_EXTRA_CA_CERTS to windows azure agent. Problem is with sonarqube run analysis task. I believe I need to import trusted certificate to java jdk certificate store.

rdaniels · August 29, 2023, 9:38pm

Has a solution to this issue been published? I am running SonarQube behind a IIS reverse proxy.

lee321 · February 9, 2024, 1:03pm

Hi All,

We are also now seeing this issue, is any solution forthcoming?

##[error][SQ] API GET ‘/api/server/version’ failed, error was: {“code”:“UNABLE_TO_VERIFY_LEAF_SIGNATURE”}

We can access our sonar server, via the browser and HTTPS, but we can’t get any scans to upload.