Org.sonarsource.scanner.maven should work with Godaddy certificate without checking java truststore


(Anders Grund) #1

Hello,

SonarQube version = 6.7.5 Community version, plugin = org.sonarsource.scanner.maven , sonar.version 3.5.0.1254

when running mvn sonar:sonar against our SonarQube server with godaddy certificate.
(which works with openssl s_client -showcerts -connect :443 from buildserver)

we still got certificate errors, since the plugin seems to check java truststrore only.
Failed to execute goal org.sonarsource.scanner.maven:sonar-maven-plugin:3.5.0.1254:sonar (default-cli) on project teamcity-test: Unable to execute SonarQube: Fail to get bootstrap index from server: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target -> [Help 1]*

So i want an option or similar so the plugin to check the sonarqube server cert and not the local java truststore on the buildserver.

Thanks& Regards
/Anders


(Scott) #2

What’s your Java version? I had some problems in the past with newer certificates (from Let’s Encrypt Authority in that case) and it was fixed by simply updating the JRE.


(Anders Grund) #3

Hello,
ok, we re using different version,but does not worj wih java version “1.8.0_201” and Maven 3.5.4


(Scott) #4

I just tested with a Go Daddy certificate and it works for me. I’m using java 1.8.0_201 too (this is a default installation, I never added anything to the cacerts file).

image

The root certificates exist on the java cacerts:

keytool -list -v -keystore "C:\Program Files\Java\jdk1.8.0_201\jre\lib\security\cacerts" -storepass changeit -alias "godaddyclass2ca [jdk]"
...
Owner: OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=US
keytool -list -v -keystore "C:\Program Files\Java\jdk1.8.0_201\jre\lib\security\cacerts" -storepass changeit -alias "godaddyrootg2ca [jdk]"
...
Owner: CN=Go Daddy Root Certificate Authority - G2, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US

(Anders Grund) #5

Ok, thanks!
Sounds good! :slight_smile:
I will check in our environment then.