found: VSTS - Publish Quality Gate Result: unable to get local issuer certificate - SonarQube - Sonar Community (sonarsource.com) The answer was to create a folder in c:\ called “Certs”, ensuring that System & Authenticated users had full control to the folders. Exported the CA chain in base 64. Took each cert out of the chain, exported to “root.pem” and “issuer.pem”. Took contents of each pem file, root first, then issuer and put into “C:\Certs\sonar.pem” Added a SYSTEM environment variable: NODE_EXTRA_CA_CERTS C:\Certs\sonar.pem Rebooted box. The Sonar build plugin, which runs in node.js then picked up this variable, read the sonar.pem file and saw it as a trusted Cert and passed the check.
However, this only fixed the node.js azure devops build script. Our build then fell over at the sonar java scanner on an SSL error connecting to our sonar server