Org.sonarsource.scanner.maven should work with Godaddy certificate without checking java truststore


SonarQube version = 6.7.5 Community version, plugin = org.sonarsource.scanner.maven , sonar.version

when running mvn sonar:sonar against our SonarQube server with godaddy certificate.
(which works with openssl s_client -showcerts -connect :443 from buildserver)

we still got certificate errors, since the plugin seems to check java truststrore only.
Failed to execute goal org.sonarsource.scanner.maven:sonar-maven-plugin: (default-cli) on project teamcity-test: Unable to execute SonarQube: Fail to get bootstrap index from server: PKIX path building failed: unable to find valid certification path to requested target -> [Help 1]*

So i want an option or similar so the plugin to check the sonarqube server cert and not the local java truststore on the buildserver.

Thanks& Regards

What’s your Java version? I had some problems in the past with newer certificates (from Let’s Encrypt Authority in that case) and it was fixed by simply updating the JRE.

ok, we re using different version,but does not worj wih java version “1.8.0_201” and Maven 3.5.4

I just tested with a Go Daddy certificate and it works for me. I’m using java 1.8.0_201 too (this is a default installation, I never added anything to the cacerts file).


The root certificates exist on the java cacerts:

keytool -list -v -keystore "C:\Program Files\Java\jdk1.8.0_201\jre\lib\security\cacerts" -storepass changeit -alias "godaddyclass2ca [jdk]"
Owner: OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=US
keytool -list -v -keystore "C:\Program Files\Java\jdk1.8.0_201\jre\lib\security\cacerts" -storepass changeit -alias "godaddyrootg2ca [jdk]"
Owner: CN=Go Daddy Root Certificate Authority - G2, O=", Inc.", L=Scottsdale, ST=Arizona, C=US

Ok, thanks!
Sounds good! :slight_smile:
I will check in our environment then.

I check now and the java trust store is ok.
But the Go Daddy class 2 cert is not included in my sonarqube server cert chain.

The java trustsstore is ok, and our godaddy cert too, but still fails.
Any ideas ?