Python repo: unable to find valid certification path to requested target

david.lago · May 8, 2024, 8:48am

I try to run de sonar-scanner.bat analyzer over my python repository, but the sonar server is private
I got this error:
Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

I tried to run this command in Windows.

Also, I can configure the same analyzer but for another project, in this case, a JAVA project. I add the cert.pem file into the Java keystore, but… How can I also add the cert.pem file for this project in python?

Thanks in advance

ganncamp · May 9, 2024, 11:52am

Hi,

Welcome to the community!

You’ve correctly diagnosed this as a problem with the certificate, but there’s nothing to import into Python. You need to get it fully imported into your Java trust store. The docs may help.

Ann

david.lago · May 9, 2024, 12:29pm

hello Ann. Thanks for your answer

For my test in the repository with Java, I have added the certificate to the java keystore in windows: “C:\Program Files\Java\jdk-18.0.2.1\lib\security\cacerts”

Also, since I work with several versions I have also added it to: “C:\Program Files (x86)\Java\jre-1.8\lib\security\cacerts”.
and also to “C:\Program Files\Java\jdk-18.0.2.1\lib\security\cacerts”

Do you think I’m missing something, because I don’t have any other java versions installed on my machine that I know of.

Greetings and thanks again

ganncamp · May 9, 2024, 12:32pm

Hi,

Is this a self-signed certificate? Did you read the docs I pointed you to? If it’s self-signed, you’ll need to import the full chain.

HTH,
Ann

david.lago · May 9, 2024, 12:41pm

I followed the “For SonarScanner for Maven, Gradle, or CLI” section.
And added the trustStore and Password options

sonar-scanner.bat -D"sonar.projectKey=python-fon-lib" -D"sonar.sources=." -D"sonar.host.url=—" -D"sonar.token=–" -D"javax.net.ssl.trustStore=\repositories\tls-mutual-nginx\cacerts" -D"javax.net.ssl.trustStorePassword=changeit"

I need to do something more? I’m sorry if I’m not seeing clearly

ganncamp · May 9, 2024, 12:44pm

Hi,

Take a closer look at that documentation I pointed you to. It’s not a parameter on the analysis command line.

Ann

david.lago · May 9, 2024, 12:49pm

Okey, I set the environment variable, but doesn’t work
[System.Environment]::SetEnvironmentVariable(“SONAR_SCANNER_OPTS”, “-Djavax.net.ssl.trustStore=\repositories\tls-mutual-nginx\cacerts -Djavax.net.ssl.trustStorePassword=changeit”) ← In windows PS

sonar-scanner.bat -D"sonar.projectKey=python-fon-lib" -D"sonar.sources=." -D"sonar.host.url=[host]" -D"sonar.token=[token]"

ganncamp · May 9, 2024, 1:24pm

Hi,

Sorry, but I have nothing to offer here beyond those docs.

Ann

system · May 16, 2024, 1:24pm

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
javax.net.ssl.SSLHandshakeException PKIX unable to find valid certification path to requested target SonarQube Server / Community Build scanner	5	21	March 18, 2025
SonarQube Enterprise Server can not be reached through sonar-scanner SonarQube Server / Community Build sonarqube , scanner	5	625	May 17, 2023
“PKIX path building failed: unable to find valid certification path to requested” SonarQube Server / Community Build scanner	6	320	November 15, 2024
Sonarqube scanner issue SonarQube Server / Community Build java , scanner , ssl	2	1471	April 7, 2022
Error Sonarqube "PKIX path building failed: unable to find valid certification path to requested" SonarQube Server / Community Build sonarqube , scanner	13	4209	October 21, 2024

Python repo: unable to find valid certification path to requested target

Related topics