Org.sonarsource.scanner.maven should work with Godaddy certificate without checking java truststore

(Anders Grund) #1


SonarQube version = 6.7.5 Community version, plugin = org.sonarsource.scanner.maven , sonar.version

when running mvn sonar:sonar against our SonarQube server with godaddy certificate.
(which works with openssl s_client -showcerts -connect :443 from buildserver)

we still got certificate errors, since the plugin seems to check java truststrore only.
Failed to execute goal org.sonarsource.scanner.maven:sonar-maven-plugin: (default-cli) on project teamcity-test: Unable to execute SonarQube: Fail to get bootstrap index from server: PKIX path building failed: unable to find valid certification path to requested target -> [Help 1]*

So i want an option or similar so the plugin to check the sonarqube server cert and not the local java truststore on the buildserver.

Thanks& Regards

(Scott) #2

What’s your Java version? I had some problems in the past with newer certificates (from Let’s Encrypt Authority in that case) and it was fixed by simply updating the JRE.

(Anders Grund) #3

ok, we re using different version,but does not worj wih java version “1.8.0_201” and Maven 3.5.4

(Scott) #4

I just tested with a Go Daddy certificate and it works for me. I’m using java 1.8.0_201 too (this is a default installation, I never added anything to the cacerts file).


The root certificates exist on the java cacerts:

keytool -list -v -keystore "C:\Program Files\Java\jdk1.8.0_201\jre\lib\security\cacerts" -storepass changeit -alias "godaddyclass2ca [jdk]"
Owner: OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=US
keytool -list -v -keystore "C:\Program Files\Java\jdk1.8.0_201\jre\lib\security\cacerts" -storepass changeit -alias "godaddyrootg2ca [jdk]"
Owner: CN=Go Daddy Root Certificate Authority - G2, O=", Inc.", L=Scottsdale, ST=Arizona, C=US

(Anders Grund) #5

Ok, thanks!
Sounds good! :slight_smile:
I will check in our environment then.