Run Code Analysis Task on TFS 2018 fails every time with certificate error


Hello,
When using the Run Code Analysis Task on TFS2018 with https (over IIS proxy) the Task fails every time. The same with http (Connecting to the SonarQ without IIS) works very well.

I tried to insert the certificates on every possible location I can think of.
What am I missing?

The output is:
INFO: ------------------------------------------------------------------------
INFO: EXECUTION FAILURE
INFO: ------------------------------------------------------------------------
INFO: Total time: 1.250s
ERROR: SonarQube server [https://sonar.xxx.xxx] can not be reached
ERROR: SonarQube server [https://sonar.xxx.xxx] can not be reached
INFO: Final Memory: 6M/368M
INFO: ------------------------------------------------------------------------
ERROR: Error during SonarQube Scanner execution
ERROR: Error during SonarQube Scanner execution
ERROR: Unable to execute SonarQube
ERROR: Caused by: Fail to get bootstrap index from server
ERROR: Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
ERROR: Caused by: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
ERROR: Caused by: unable to find valid certification path to requested target
ERROR:
The SonarQube Scanner did not complete successfully
The SonarQube Scanner did not complete successfully
15:15:08.296 Creating a summary markdown file...
15:15:08.296 Post-processing failed. Exit code: 1

Hi,

The SonarQube Scanner execution fully relies on the Java stack for any SSL matter. And your error here is indeed a sign that some custom certificates are not trusted by the local Java install.

For any SSL-related error that remains mysterious after a first investigation, I would suggest the following tricks: Oracle guide on debugging SSL/TLS connections, using javax.net.debug. This can help understand in detail which truststores are in use and why the handshake fails.
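One way to act on the answer above on the Windows build agent, as an added example that is not part of the original thread: check which Java truststore the scanner uses, import the CA that issued the IIS proxy certificate, and turn on handshake tracing. The CA file path and alias are placeholders, and it assumes the agent runs the scanner with the Java found under JAVA_HOME and that the truststore still has the default `changeit` password.

```powershell
# Added example; run from an elevated prompt on the build agent.
$CaFile = 'C:\certs\internal-root-ca.cer'   # placeholder: CA that issued the IIS certificate
$Alias  = 'internal-root-ca'                # placeholder alias for the truststore entry

# 1. Each Java install has its own cacerts, so confirm which one is in play.
$JavaHome = $env:JAVA_HOME
if (-not $JavaHome) { throw 'JAVA_HOME is not set; locate the Java used by the agent first.' }
& "$JavaHome\bin\java.exe" -XshowSettings:properties -version 2>&1 |
    Select-String 'java.home'

# JDK 8 keeps cacerts under jre\lib\security; a JRE or Java 9+ uses lib\security.
$cacerts = "$JavaHome\lib\security\cacerts", "$JavaHome\jre\lib\security\cacerts" |
    Where-Object { Test-Path $_ } | Select-Object -First 1
if (-not $cacerts) { throw "No cacerts file found under $JavaHome" }
$keytool = Join-Path $JavaHome 'bin\keytool.exe'

# 2. Is the CA already trusted? A non-zero exit code means the alias is absent.
& $keytool -list -keystore $cacerts -storepass changeit -alias $Alias
$alreadyTrusted = ($LASTEXITCODE -eq 0)

if (-not $alreadyTrusted) {
    # 3. Show the fingerprint and compare it with the value published by the CA
    #    owner before trusting it; a truststore entry is trusted for every host.
    & $keytool -printcert -file $CaFile

    # keytool prompts for confirmation because -noprompt is deliberately omitted.
    & $keytool -importcert -trustcacerts -alias $Alias -file $CaFile `
        -keystore $cacerts -storepass changeit
    if ($LASTEXITCODE -ne 0) { throw 'keytool import failed' }
}

# 4. If the scan still fails, trace the handshake with javax.net.debug.
#    SONAR_SCANNER_OPTS passes JVM options to the scanner; it must be visible to
#    the agent process (machine-level variable or build variable), not only to
#    this shell. Remove it again afterwards, the trace is very verbose.
[Environment]::SetEnvironmentVariable(
    'SONAR_SCANNER_OPTS', '-Djavax.net.debug=ssl:handshake', 'Machine')

# Alternative to editing cacerts: keep a dedicated truststore and point the JVM
# at it with -Djavax.net.ssl.trustStore=<path> in SONAR_SCANNER_OPTS.
```

Import the issuing CA rather than the server's leaf certificate where possible, so the trust survives certificate renewal on the IIS proxy; the agent service has to be restarted to pick up a machine-level variable.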