Error while renewing SSL certificate for SonarQube

Must-share information (formatted with Markdown):

  • which versions are you using (SonarQube, Scanner, Plugin, and any relevant extension) 8.9
  • what are you trying to achieve - We are trying to renew the SSL certificate for sonarqube
  • what have you tried so far to achieve this
    We have to renew our existing SSL certificate for SonarQube version 8.9, which is installed on Linux 7. We received the private key, certificate and certificate chain details from the security team. We tried generating the .p12 and key files from the given documents with the commands below.

openssl pkcs12 -export -inkey private_key.pem -in Certificate.pem -CAfile Certificate_chain.pem -out sonar.p12 -name sonarkey -caname root

keytool -importkeystore -srckeystore sonar.p12 -srcstoretype pkcs12 -destkeystore private_key.key

We copied all generated certificate files into the httpd directory at /etc/httpd/SonarqubeSSL/

We restarted the httpd and SonarQube services, but we are receiving the error below related to the private key.

[Wed Jul 06 05:52:59.973960 2022] [ssl:error] [pid 16710] AH02203: Init: Private key not found
[Wed Jul 06 05:52:59.973998 2022] [ssl:error] [pid 16710] SSL Library Error: error:0609E09C:digital envelope routines:PKEY_SET_TYPE:unsupported algorithm
[Wed Jul 06 05:52:59.974014 2022] [ssl:error] [pid 16710] SSL Library Error: error:0606F076:digital envelope routines:EVP_PKCS82PKEY:unsupported private key

Below are the lines we added to /etc/httpd/conf.d/ssl.conf

<VirtualHost _default_:8999>
    ErrorLog logs/ssl_error_log
    TransferLog logs/ssl_access_log
    LogLevel warn
    SSLEngine on
    SSLProtocol -all +TLSv1.2
    SSLCipherSuite HIGH:3DES:!aNULL:!MD5:!SEED:!IDEA:!DES:!3DES
    SSLCertificateFile /etc/httpd/SonarqubeSSL/Certificate.crt
    SSLCertificateKeyFile /etc/httpd/SonarqubeSSL/private_key.key
    SSLCertificateChainFile /etc/httpd/SonarqubeSSL/Certificate_chain.crt
    SSLCACertificateFile /etc/httpd/SonarqubeSSL/Certificate_chain.pem
</VirtualHost>

Can someone advise what’s going wrong here?

Hey there.

This will ultimately be an httpd support inquiry, rather than SonarQube – which just sits behind the reverse proxy you’ve configured.
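
An added example, not part of either post and not SonarQube or httpd project code: `keytool -importkeystore` writes a Java keystore, while mod_ssl expects a PEM-encoded key in `SSLCertificateKeyFile`, which is consistent with the "unsupported private key" errors above. The script below checks, before a restart, what each file named in an SSL config actually is; the helper names `key_file_kind` and `check_ssl_conf` are hypothetical, and it assumes unencrypted PEM files are what the vhost should use.

```shell
#!/bin/sh
# Pre-restart check for the files an httpd SSL virtual host points at.
# Assumption: only unencrypted PEM is accepted, the usual mod_ssl setup.

# Classify a file by its PEM header or, failing that, its leading magic bytes.
key_file_kind() {
    local f="$1" magic
    if [ ! -r "$f" ]; then
        echo "unreadable"
    elif grep -q -- '-----BEGIN ENCRYPTED PRIVATE KEY-----' "$f"; then
        echo "pem-encrypted-key"
    elif grep -Eq -- '-----BEGIN (RSA |EC )?PRIVATE KEY-----' "$f"; then
        echo "pem-key"
    elif grep -q -- '-----BEGIN CERTIFICATE-----' "$f"; then
        echo "pem-certificate"
    else
        magic=$(head -c 4 "$f" | od -An -tx1 | tr -d ' \n')
        case "$magic" in
            feedfeed) echo "java-keystore-jks" ;;     # JKS written by keytool
            30*)      echo "binary-der-or-pkcs12" ;;  # ASN.1 SEQUENCE, e.g. a .p12
            *)        echo "unknown" ;;
        esac
    fi
}

# Report every SSL*File directive in a config with the detected file kind.
# Returns non-zero if any file is not the kind its directive needs.
check_ssl_conf() {
    local conf="$1" directive path rest kind want rc=0
    while read -r directive path rest || [ -n "$directive" ]; do
        case "$directive" in
            SSLCertificateKeyFile) want=pem-key ;;
            SSLCertificateFile|SSLCertificateChainFile|SSLCACertificateFile)
                want=pem-certificate ;;
            *) continue ;;
        esac
        kind=$(key_file_kind "$path")
        if [ "$kind" = "$want" ]; then
            echo "OK   $directive $path ($kind)"
        else
            echo "FAIL $directive $path (found $kind, need $want)"
            rc=1
        fi
    done < "$conf"
    return $rc
}

# Usage: sh check_ssl_files.sh /etc/httpd/conf.d/ssl.conf
if [ -n "${1:-}" ]; then check_ssl_conf "$1"; fi
```

A `FAIL` on the `SSLCertificateKeyFile` line with `java-keystore-jks` or `binary-der-or-pkcs12` means the file is a keystore or other binary container rather than a PEM key.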