I have a server running SonarQube in a Docker container. On this server, I also use an SSL certificate issued by a Certificate Authority (CA). However, when performing code analysis through the GitLab CI/CD pipeline, I encounter the error “PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target.” My code is written in dotnet 8.0. How can I validate the certificate to resolve this issue? Recent documentation has not been clear about the correct way to validate TLS certificates.
I noticed in your configuration when specifying the client cert path that you wrote:
/d:sonar.clientcert.path=/usr/local/share/ca-certificates/truststore.p12\ /d:sonar.clientcert.password=mypassword
                                                                        ^ // This backslash should not be here
I believe there is a backslash (\) that should not be here.
It seems to match the error as /usr/local/share/ca-certificates/truststore.p12\ /d:sonar.clientcert.password=mypassword is not a valid path.
From what I can see you are trying to set up your CI to use client certificates.
You probably need to set the following options before the end step:
javax.net.ssl.keyStore (same value as sonar.clientcert.path)
javax.net.ssl.keyStorePassword (same value as sonar.clientcert.password)
Unfortunately, you cannot set those values from the begin step.
To do so, you can set the SONAR_SCANNER_OPTS environment variable.
In your gitlab-ci.yml config, it should look like this:
The SONAR_SCANNER_OPTS allows you to pass arguments to the SonarScanner CLI that cannot be passed through the begin step.
If this does not solve your issue, to be able to do further investigation, I would need you to share with me the verbose log of both the begin and end steps.
To do so, do not forget to add the /d:sonar.verbose=true to the begin step.
I would like to make some clarifications about what you are trying to achieve here.
I was under the impression that you were trying to set up the usage of client certificates.
However, the error in your logs seems to suggest that the error is about server certificates.
Do you use client certificates as part of your authentication process?
In any case, to fix the current error you have, you can set the javax.net.ssl.trustStore & javax.net.ssl.trustStorePassword options:
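An added example, not part of the original replies: a `.gitlab-ci.yml` job that hands the trust store to the JVM running the end step through SONAR_SCANNER_OPTS, after first checking that the store opens with the given password. The job name, image, project key and CI/CD variable names are assumptions; the truststore path is the one quoted earlier in the thread.

```yaml
# Added example. Job name, image, project key and variable names are assumptions.
sonarqube-check:
  # Placeholder image: must provide the .NET 8 SDK and a JRE (keytool ships with the JRE).
  image: registry.example.com/dotnet8-sdk-with-jre:latest
  variables:
    # Path taken from the thread; the file must contain the CA that signed the SonarQube server certificate.
    TRUSTSTORE_PATH: /usr/local/share/ca-certificates/truststore.p12
    # TRUSTSTORE_PASSWORD, SONAR_HOST_URL and SONAR_TOKEN are expected as masked
    # CI/CD variables defined in the project settings, not written in this file.
  script:
    # Fail early if the store is missing, is not PKCS12, or the password is wrong.
    # -storepass:env reads the password from the environment instead of the command line.
    - keytool -list -keystore "$TRUSTSTORE_PATH" -storetype PKCS12 -storepass:env TRUSTSTORE_PASSWORD > /dev/null
    # JVM options for the end step; they cannot be passed through the begin step.
    - export SONAR_SCANNER_OPTS="-Djavax.net.ssl.trustStore=$TRUSTSTORE_PATH -Djavax.net.ssl.trustStorePassword=$TRUSTSTORE_PASSWORD"
    # For client-certificate authentication, the keyStore options would be appended
    # to SONAR_SCANNER_OPTS in the same way:
    #   -Djavax.net.ssl.keyStore=<client .p12> -Djavax.net.ssl.keyStorePassword=<password>
    - dotnet tool install --global dotnet-sonarscanner
    - export PATH="$PATH:$HOME/.dotnet/tools"
    - dotnet sonarscanner begin /k:"my-project-key" /d:sonar.host.url="$SONAR_HOST_URL" /d:sonar.token="$SONAR_TOKEN" /d:sonar.verbose=true
    - dotnet build
    - dotnet sonarscanner end /d:sonar.token="$SONAR_TOKEN"
```

If the `keytool -list` step passes and the PKIX error persists, the store opens but does not contain the CA (or an intermediate) that issued the server certificate.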