Failed to validate SSL certificate while running sonarscanner against secured SonarQube server through dockerfile


(Niteesha Bodapati) #1

Versions Used:
SonarScanner version – 4.3.1
MSBuild version – 15.9.20+g88f5fadfbe

Goal:
I am trying to run SonarScanner against a SonarQube server which is already configured and protected by a self-signed cert.
I am having issues with SonarScanner validating the cert.
I have created a Dockerfile. I have access to the certificate, which I put in
/usr/local/share/ca-certificates/, and I ran update-ca-certificates.
It gives a notification that it loaded the certificates successfully.

Wanted to know if there is any issue with compatibility between msbuild and sonarscanner in validating this certificate.

In the Dockerfile, the command I used for running SonarScanner is:
RUN dotnet-sonarscanner begin /k:"tunein" /d:sonar.host.url=https://sonarqube.build.bldwus2a.amap.ext.mbrdna-eng.com

Followed this document – Installation of the SonarScanner for MSBuild .NET Core Global Tool
(https://docs.sonarqube.org/display/SCAN/Install+the+SonarScanner+for+MSBuild)

dotnet tool install --global dotnet-sonarscanner --version 4.3.1

(change 4.3.1 to the latest version available)

On Linux/OSX, if your SonarQube server is secured:

  1. Copy the server’s CA certs to /usr/local/share/ca-certificates
  2. Run sudo update-ca-certificates

Error Log:
SonarScanner for MSBuild 4.3.1
Using the .NET Core version of the Scanner for MSBuild
Default properties file was found at /root/.dotnet/tools/.store/dotnet-sonarscanner/4.3.1/dotnet-sonarscanner/4.3.1/tools/netcoreapp2.
Loading analysis properties from /root/.dotnet/tools/.store/dotnet-sonarscanner/4.3.1/dotnet-sonarscanner/4.3.1/tools/netcoreapp2.1/an
Pre-processing started.
Preparing working directories…
22:22:09.592 Updating build integration targets…
22:22:09.613 Fetching analysis configuration settings…
22:22:10.006 Failed to request and parse ‘https://sonarqube.build.bldwus2a.amap.ext.mbrdna-eng.com/api/server/version’: The SSL connee inner exception. The remote certificate is invalid according to the validation procedure.

Unhandled Exception: System.Net.WebException: The SSL connection could not be established, see inner exception. The remote certificateation procedure. —> System.Net.Http.HttpRequestException: The SSL connection could not be established, see inner exception. —> SysticationException: The remote certificate is invalid according to the validation procedure.
at System.Net.Security.SslState.StartSendAuthResetSignal(ProtocolToken message, AsyncProtocolRequest asyncRequest, ExceptionDispatc
at System.Net.Security.SslState.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartSendBlob(Byte incoming, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.ProcessReceivedBlob(Byte buffer, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartReadFrame(Byte buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartReceiveBlob(Byte buffer, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartSendBlob(Byte incoming, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.ProcessReceivedBlob(Byte buffer, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartReadFrame(Byte buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartReceiveBlob(Byte buffer, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartSendBlob(Byte incoming, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.ProcessReceivedBlob(Byte buffer, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartReadFrame(Byte buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.PartialFrameCallback(AsyncProtocolRequest asyncRequest)
— End of stack trace from previous location where exception was thrown —
at System.Net.Security.SslState.ThrowIfExceptional()
at System.Net.Security.SslState.InternalEndProcessAuthentication(LazyAsyncResult lazyResult)
at System.Net.Security.SslState.EndProcessAuthentication(IAsyncResult result)
at System.Net.Security.SslStream.EndAuthenticateAsClient(IAsyncResult asyncResult)
at System.Net.Security.SslStream.<>c.b__47_1(IAsyncResult iar)
at System.Threading.Tasks.TaskFactory1.FromAsyncCoreLogic(IAsyncResult iar, Func2 endFunction, Action1 endAction, Task1 promise
— End of stack trace from previous location where exception was thrown —
at System.Net.Http.ConnectHelper.EstablishSslConnectionAsyncCore(Stream stream, SslClientAuthenticationOptions sslOptions, Cancella
— End of inner exception stack trace —
at System.Net.Http.ConnectHelper.EstablishSslConnectionAsyncCore(Stream stream, SslClientAuthenticationOptions sslOptions, Cancella
at System.Threading.Tasks.ValueTask1.get_Result()
at System.Net.Http.HttpConnectionPool.CreateConnectionAsync(HttpRequestMessage request, CancellationToken cancellationToken)
at System.Threading.Tasks.ValueTask1.get_Result()
at System.Net.Http.HttpConnectionPool.WaitForCreatedConnectionAsync(ValueTask1 creationTask)
at System.Threading.Tasks.ValueTask1.get_Result()
at System.Net.Http.HttpConnectionPool.SendWithRetryAsync(HttpRequestMessage request, Boolean doRequestAuth, CancellationToken cance
at System.Net.Http.RedirectHandler.SendAsync(HttpRequestMessage request, CancellationToken cancellationToken)
at System.Net.Http.HttpClient.FinishSendAsyncUnbuffered(Task1 sendTask, HttpRequestMessage request, CancellationTokenSource cts, B
at System.Net.HttpWebRequest.SendRequest()
at System.Net.HttpWebRequest.GetResponse()
--- End of inner exception stack trace ---
at System.Net.HttpWebRequest.GetResponse()
at System.Net.WebClient.GetWebResponse(WebRequest request)
at System.Net.WebClient.DownloadBits(WebRequest request, Stream writeStream)
at System.Net.WebClient.DownloadDataInternal(Uri address, WebRequest& request)
at System.Net.WebClient.DownloadString(Uri address)
at SonarScanner.MSBuild.PreProcessor.SonarWebService.<>c__DisplayClass15_0.<DownloadServerVersion>b__0()
at SonarScanner.MSBuild.PreProcessor.SonarWebService.DoLogExceptions[T](Func1 op, String url, Action1 onError)
at SonarScanner.MSBuild.PreProcessor.SonarWebService.DownloadServerVersion()
at SonarScanner.MSBuild.PreProcessor.SonarWebService.GetServerVersion()
at SonarScanner.MSBuild.PreProcessor.SonarWebService.GetProperties(String projectKey, String projectBranch)
at SonarScanner.MSBuild.PreProcessor.TeamBuildPreProcessor.FetchArgumentsAndRulesets(ISonarQubeServer server, ProcessedArgs args, Tnary2& serverSettings, List`1& analyzersSettings)
at SonarScanner.MSBuild.PreProcessor.TeamBuildPreProcessor.DoExecute(ProcessedArgs localSettings)
at SonarScanner.MSBuild.BootstrapperClass.PreProcess()
at SonarScanner.MSBuild.BootstrapperClass.Execute()
at SonarScanner.MSBuild.Program.Execute(String args, ILogger logger)
at SonarScanner.MSBuild.Program.Main(String args)
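
The trust-store steps quoted in the post can be checked inside the image before the scanner runs. The following is an added example, not part of the original post or the SonarScanner documentation. It assumes a Debian/Ubuntu-based image with openssl available for the last two functions; the function names, the file name `sonarqube.crt` and the host name in the usage comment are hypothetical.

```shell
#!/bin/sh
# Added example: checks for a CA file installed via update-ca-certificates
# on a Debian/Ubuntu-based image. Function names are hypothetical.

# check_ca_file FILE: print one verdict word; non-zero status on a problem.
check_ca_file() {
    f=$1
    [ -f "$f" ] || { echo missing; return 1; }
    # update-ca-certificates only imports files whose name ends in .crt
    case "$f" in
        *.crt) ;;
        *) echo bad-extension; return 1 ;;
    esac
    # The trust bundle expects PEM text; a binary DER export is not usable.
    grep -q -e '-----BEGIN CERTIFICATE-----' "$f" || { echo not-pem; return 1; }
    echo ok
}

# cert_matches_host FILE HOST: for a self-signed server certificate, the host
# name used in sonar.host.url must be present in the certificate.
cert_matches_host() {
    openssl x509 -in "$1" -noout -checkhost "$2" | grep -q 'does match'
}

# handshake_ok HOST [PORT]: verify the live server against the system bundle
# that update-ca-certificates regenerates (needs network access).
handshake_ok() {
    openssl s_client -connect "$1:${2:-443}" -servername "$1" \
        -CAfile /etc/ssl/certs/ca-certificates.crt \
        -verify_hostname "$1" -verify_return_error </dev/null >/dev/null 2>&1
}

# Usage inside the image, after RUN update-ca-certificates
# (sonarqube.example.internal is a constructed host name):
#   check_ca_file /usr/local/share/ca-certificates/sonarqube.crt
#   cert_matches_host /usr/local/share/ca-certificates/sonarqube.crt \
#       sonarqube.example.internal
#   handshake_ok sonarqube.example.internal
```

If `handshake_ok` succeeds but the scanner still fails, the certificate store and the scanner are not running in the same image layer or container.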