How to set path to own truststore?

Must-share information (formatted with Markdown):

• which versions are you using: SonarQube Community Edition
• how is SonarQube deployed: zip

Hi,

first - I am no JAVA developer and have no idea how to handle JAVA things

I successfully added our self-signed certificates into %JAVA_HOME%/lib/security/cacert. Unfortunately our JAVA installation was upgraded automatically and with that all our entries in that truststore were gone and the Run code analysis step in Azure DevOps fails now with

##[error]Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

So my question is, how is it possible to set the path to a own (additional) truststore where I can add our certificates?

Hi @a2stein,
You need to find the JRE used by the scanner and import the certificates into the keystore.
You can probably get the information of java path in scanner log.
Note that some versions of the scanner include an embdedJRE.

Hey @a2stein

To add onto @Bachri_Abdel’s answer, I recommend checking the documentation on Managing TLS certificates on the client side, specifically Adding the self-signed server certificate to the trusted CA certificates. There you’ll find the right analysis parameters / environment variables to fiddle with and point to a truststore.