Must-share information (formatted with Markdown):
- which versions are you using (SonarQube, Scanner, Plugin, and any relevant extension) 8.9
- what are you trying to achieve - We are trying to renew the SSL certificate for sonarqube
- what have you tried so far to achieve this
We have to renew our existing SSL certificate for sonarqube version 8.9 which is installed on Linux 7. We received private key, certificate and certificate chain details from security team. We tried generating .p12 and key file from given documents with below command.
openssl pkcs12 -export -inkey private_key.pem -in Certificate.pem -CAfile Certificate_chain.pem -out sonar.p12 -name sonarkey -caname root
keytool -importkeystore -srckeystore sonar.p12 -srcstoretype pkcs12 -destkeystore private_key.key
We copied all generated certificate files in httpd directory at /etc/httpd/SonarqubeSSL/
We restarted httpd and sonarqube service but we are receiving below error related to private key.
[Wed Jul 06 05:52:59.973960 2022] [ssl:error] [pid 16710] AH02203: Init: Private key not found [Wed Jul 06 05:52:59.973998 2022] [ssl:error] [pid 16710] SSL Library Error: error:0609E09C:digital envelope routines:PKEY_SET_TYPE:unsupported algorithm [Wed Jul 06 05:52:59.974014 2022] [ssl:error] [pid 16710] SSL Library Error: error:0606F076:digital envelope routines:EVP_PKCS82PKEY:unsupported private key
Below is the line of code we added into /etc/httpd/conf.d/ssl.conf
<VirtualHost _default_:8999> ErrorLog logs/ssl_error_log TransferLog logs/ssl_access_log LogLevel warn SSLEngine on SSLProtocol -all +TLSv1.2 SSLCipherSuite HIGH:3DES:!aNULL:!MD5:!SEED:!IDEA:!DES:!3DES SSLCertificateFile /etc/httpd/SonarqubeSSL/Certificate.crt SSLCertificateKeyFile /etc/httpd/SonarqubeSSL/private_key.key SSLCertificateChainFile /etc/httpd/SonarqubeSSL/Certificate_chain.crt SSLCACertificateFile /etc/httpd/SonarqubeSSL/Certificate_chain.pem </VirtualHost>
Can someone advise what’s going wrong here?