PKIX path building failed:

Must-share information (formatted with Markdown):

  • which versions are you using (SonarQube, Scanner, Plugin, and any relevant extension)
    Current Version:- 9.5 (build 56709) Developer Edition
    Upgrading to - Developer Edition
  • how is SonarQube deployed: zip
  • what are you trying to achieve
    I am trying to upgrade Sonar Qube from 9.5 to 9.8 and then planning to upgrade to 9.9
  • what have you tried so far to achieve this
  • Copied the Zip folder on the server
  • Unzip and updated file from previous version ( id not overwrite)
  • Copied wrapper.config file from prev version
  • In Wrapper config updated below


Then I downloaded the

  • Copied this “mssql-jdbc_auth-11.2.1.x64.dll” in a new folder created “C:\sonarqube\sonarqube-\jdbc\mssql”.

  • Also copied this in C:\sonarqube\sonarqube-\extensions\jdbc-driver\mssql

  • My Sonar Qube path is set “SONAR_HOME” with value “c:\sonarqube”

  • Sonar qube user has full access on this folder and also is sysadmin on DB.

Service just stopped after few minutes of restart.

Java JDK installed is JDK 11.
C:\Program Files\Java\jdk-11.0.10

We are using wrapper.config file as well which is also in conf folder. Java path is set up in wrapper.config file\Program Files\Java\jdk-11.0.10\bin\java.exe

Error in Web Log:- The driver could not establish a secure connection to SQL Server by using Secure Sockets Layer (SSL) encryption.

Error: “PKIX path building failed: unable to find valid certification path to requested target”. ClientConnectionId:9e3ab9f6-0a40-4367-9962-6d8028dbe798

Error in Sonar.log:-
023.03.21 10:30:55 INFO app
o.s.a.AppFileSystem] Cleaning or creating temp directory C:\sonarqube\sonarqube-\temp
2023.03.21 10:30:55 INFO app[] Elasticsearch listening on [HTTP:, TCP:]
2023.03.21 10:30:55 INFO app[o.s.a.ProcessLauncherImpl] Launch process[ELASTICSEARCH] from [C:\sonarqube\sonarqube-\elasticsearch]: C:\Program Files\Java\jdk-11.0.10\bin\java -XX:+UseG1GC\sonarqube\sonarqube-\temp -XX:ErrorFile=…/logs/es_hs_err_pid%p.log -Des.networkaddress.cache.ttl=60 -Des.networkaddress.cache.negative.ttl=10 -XX:+AlwaysPreTouch -Xss1m -Djava.awt.headless=true -Dfile.encoding=UTF-8 -Djna.nosys=true -Djna.tmpdir=C:\sonarqube\sonarqube-\temp -XX:-OmitStackTraceInFastThrow -Dio.netty.noUnsafe=true -Dio.netty.noKeySetOptimization=true -Dio.netty.recycler.maxCapacityPerThread=0 -Dio.netty.allocator.numDirectArenas=0 -Dlog4j.shutdownHookEnabled=false -Dlog4j2.disable.jmx=true -Dlog4j2.formatMsgNoLookups=true -Djava.locale.providers=COMPAT -Dcom.redhat.fips=false -Des.enforce.bootstrap.checks=true -Xmx512m -Xms512m -XX:MaxDirectMemorySize=256m -XX:+HeapDumpOnOutOfMemoryError -Delasticsearch -Des.path.home=C:\sonarqube\sonarqube-\elasticsearch -Des.path.conf=C:\sonarqube\sonarqube-\temp\conf\es -cp lib/* org.elasticsearch.bootstrap.Elasticsearch
2023.03.21 10:30:55 INFO app[o.s.a.SchedulerImpl] Waiting for Elasticsearch to be up and running
2023.03.21 10:31:02 INFO app[o.s.a.SchedulerImpl] Process[es] is up
2023.03.21 10:31:02 INFO app[o.s.a.ProcessLauncherImpl] Launch process[WEB_SERVER] from [C:\sonarqube\sonarqube-]: C:\Program Files\Java\jdk-11.0.10\bin\java -Djava.awt.headless=true -Dfile.encoding=UTF-8\sonarqube\sonarqube-\temp -XX:-OmitStackTraceInFastThrow --add-opens=java.base/java.util=ALL-UNNAMED --add-opens=java.base/java.lang=ALL-UNNAMED --add-opens=java.base/ --add-opens=java.rmi/sun.rmi.transport=ALL-UNNAMED --add-exports=java.base/jdk.internal.ref=ALL-UNNAMED --add-opens=java.base/java.nio=ALL-UNNAMED --add-opens=java.base/ -Dcom.redhat.fips=false -Xmx512m -Xms128m -XX:+HeapDumpOnOutOfMemoryError -Dhttp.nonProxyHosts=localhost|127.*|[::1] -cp ./lib/sonar-application-;C:\sonarqube\sonarqube-\lib\jdbc\mssql\mssql-jdbc-11.2.1.jre11.jar C:\sonarqube\sonarqube-\temp\sq-process15177727812824390543properties
2023.03.21 10:31:06 INFO app[o.s.a.SchedulerImpl] Process[Web Server] is stopped
2023.03.21 10:31:06 INFO app[o.s.a.SchedulerImpl] Process[ElasticSearch] is stopped
2023.03.21 10:31:06 INFO app[o.s.a.SchedulerImpl] SonarQube is stopped

Other thing I tried is to upgrade step by step to 9.6 hen 9.7 and then 9.8 but still getting same error when upgrade to 9.6.

I wanted to upgrade finally to 9.9, (even tried installing JAVA JDK 17 for 9.9, but nothing works

Do not share screenshots of logs – share the text itself (bonus points for being well-formatted)!

just to update if I revert all my changes back to prev version 9.5 it works fine.

Also I am trying to upgrade this on our preprd environment which is exactly replica of PRD with no internet access.

similar way I did upgrade earlier version from 9.2 => 9.4 and then 9.5

I have sorted this need to add “trustServerCertificate=true” end of jdbc url value


Also Added in Environment variable
SONAR_JAVA_PATH = C:\Program Files\Java\jdk-17\bin\java.exe


this is only a half-baked solution. This error

means the Java 17 (keystore = /lib/security/cacerts) your Sonarqube instance runs on misses the certs of your organization. Either ask your Java admins or search the inet, there are tons of links with detailed explanations.


Hello, i have very similar issues:
i am using docker-compose and i am trying to add ca cert in the sonarqube docker, but not working, i have same error:
Caused by: PKIX path building failed: unable to find valid certification path to requested target
SQ version is 9.9.2
i added volume with my crt file:
maybe need more config in the docker-compose file?