Hello !
I’m trying to connect to our on premise AzureDevOps instance.
I’m installing SonarQube Developer 9.8
Sonar is installed in http on its own server
Same goes for Azure DevOps
Both are “published” through an F5 appliance and are then accessed through https :
https://sonarqube.ourdomain.com
https://azuredevops.ourdomain.com
Problem comes when sonar tries to access https://azuredevops.ourdomain.com
2022.12.26 17:26:17 ERROR web[][o.s.a.c.a.AzureDevOpsHttpClient] Unable to contact Azure DevOps server for request [https://azuredevops.ourdomain.com/MainCollection/_apis/projects?api-version=3.0]: [PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target]
The certificate on the F5 is a wildcard public certificate (*.ourdomain.com)
What I tried so far :
-
-Dcom.sun.net.ssl.checkRevocation=falseinsonar.web.javaOpts -
-Dcom.sun.net.ssl.checkRevocation=falseinsonar.web.javaAdditionalOpts -
.\keytool -import -v -trustcacerts -alias ipa -file ourdomain-chain.pem -keystore ..\lib\security\cacerts -noprompt -storepass changeitadding the chain certs to java cacerts then adding-Djavax.net.ssl.trustStore=D:\\javaXXXX\\lib\\security\\cacerts -Djavax.net.ssl.trustStorePassword=changeittosonar.web.javaOpts
I have tested these options against :
- RedHat OpenJDK 11.0.2
- RedHat OpenJDK 11.0.3
- RedHat OpenJDK 11.0.17.8
- RedHat OpenJDK 17.0.5.0.8
When starting manually the instance, the parameters do appear in the [web] startup of sonarqube.
Is there a working way to the make Sonar completely ignore the validation ? or tell me which certificates I have to put in the cacerts ?
Internal policies prohibit the change http to https directly on the instance.
Any help appreciated !
Thank you
