PKIX path building failed for Advanced Security

Must-share information (formatted with Markdown):

• which versions are you using (SonarQube Server 2026.2)
• how is SonarQube deployed: zip

After updating to 2026.2 from 2025.5 Advanced security network check started to fail with error below. We tried to import certificates to cacert for 2 urls below but error is still not resolved.

{
“featureEnabled”: true,
“selfTestPassed”: false,
“cliVersionCheck”: {
“attemptedUrl”: “https://scanner.sonarcloud.io/tidelift-cli/tidelift-cli.version”,
“attemptedMethod”: “GET”,
“responseCode”: 0,
“responseBody”: “(IO error (certificate_unknown) PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target)”,
“responseBodyAppearsValid”: false,
“responseHeaders”: []
},
“vulnerabilityDetailsCheck”: {
“attemptedUrl”: “https://api.sonarcloud.io/sca/dependency-service/v1/vulnerabilities/CVE-2022-38392?purl_in_use=pkg%3Amaven%2Forg.apache.logging.log4j%2Flog4j-core%3Fversion%3D2.14.0”,
“attemptedMethod”: “GET”,
“responseCode”: 0,
“responseBody”: “(IO error (certificate_unknown) PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target)”,
“responseBodyAppearsValid”: false,
“responseHeaders”: []
}
}

do you perform TLS MITM somewhere? If so, you need to install the root certificate into the certificate store of the JVM (cacerts)

yes, we have TLS MITM. We already tried to install, it is still not working.

then you might have installed the wrong one or the chain to your target is incomplete. Check if the MITM returns the full chain until the root that you have installed or the one that is actually used to sign the certificate.