Server Certificate error in Visual Studio 2022

  • Operating system: Windows 11
  • Visual Studio version: Microsoft Visual Studio Professional 2022 (64-bit) - Current
    Version 17.13.6
  • SonarQube for Visual Studio plugin version: 8.23.0.13726
  • Programming language you’re coding in: C#
  • Is connected mode used: Yes
    • SonarQube Server - I don’t know the version

And a thorough description of the problem / question:
As soon as I open a connected solution in Visual studio, I see this message:
image

When I go to Manage Project Bindings I see this:

I then go to the Output window to view the SonarQube logs and see this(I truncated it for brevity):

I have searched the SQ documents, this community, and StackOverflow but I cannot seem to find a simple answer with instructions on how to resolve this. I do seem to get warnings but not the same as if I run the checks on the server. If I go to the Analyze, RunCodeAnalysis on Solution option, I get no output. As I said, I do see things in the warnings output for the page I am not, but I feel I may be missing some functionality due to this certificate issue.

Thank you in advance for any help you can provide!

Hi,

Could we have the full text :sweat_smile: of the debug log?

 
Thx,
Ann

Sure Ann, was trying to keep some info private. Here is the full output I am seeing in VS2022. Thank you.

SQ-Log.txt (15.2 KB)

1 Like

Hi,

Thanks! I’ve flagged this for the team.

 
Ann

Thank you!

Hello @jbenson001,

The provided logs are not the verbose ones (to change the logging level, please follow the documentation as suggested by Ann :slight_smile: ).

But as the info bar shows, the problem is that the server certificate can’t be verified.

SonarQube for VS is using a JRE that is embedded with SlCore (the backend of SQ:IDE).
There is a way to add the certificate so that SlCore picks it up. Please follow the documentation as described here. It expects the truststore.p12 to exist under ~/.sonarlint/ssl. And ~sonarlint refers to C:\Users\username\.sonarlint folder. If it doesn’t exist, it can be added.

If you choose to not use the embedded JRE, the JRE Home can be configured to point to a custom JRE as described here.

We face a similar issue internally with our security software, requiring us to add the Root CA certificate used for traffic inspection to the Java keystore as documented. It’s likely that your IT team has this cert documented internally, so please make sure to configure your JRE accordingly.

Regards,
Gabriela

Hello Gabriela,
Thank you for the response. I do see that folder, however, it does not contain the trustore.p12 file. I have seen this documentation before but no explanation as to what to do if that file is not there. You say it can be added, but how, that is basically my question and have not found an answer unless I have overlooked it.

Thank you,
Jim

Hello @jbenson001,

You can create an empty truststore.p12 with keytool as explained here, for example.

Regards,
Gabriela

Hello Gabriela,
I did follow the instructions you posted and it did seem to work however, I am not sure where it created the file. Unfortunately, I am still seeing the certificate error when VS opens. Any other suggestions are welcome.

Thank you,
Jim

Hello @jbenson001,

Does your truststore.p12 file exist now in the ~/.sonarlint/ssl folder? It needs to exist in the correct folder for SlCore to be able to pick it up.

Regards,
Gabriela

Hello Gabriela,
I have searched my whole laptop for any *.p12 file, and nothing is on my machine
I have gone to that directory and after following your previous directions to create the empty file, it just has an emptyStore.keystore file 1KB

Update
I had to manually create the file there. I just renamed it to truststore.p12 and it seems to have taken care of the error message I was getting previously

@jbenson001, I am happy to hear your problem is fixed now! :partying_face:

Thank you so much for your help with this! :grinning_face:

1 Like