- SonarServer : 8.9.1.44547
- DotNet SonarScanner : 6.1.0
Hi,
We are trying to run dotnet sonarscanner from a docker container targeting our internal SonarServer hosted with self signed SSL certificate.
But while running the dotnet sonarscanner begin /k:"project.key" /d:sonar.host.url="sonar-host-url" /d:sonar.login="access_token" we are getting: System.Security.Authentication.AuthenticationException: The remote certificate is invalid because of errors in the certificate chain: PartialChain error .
Here is the detailed error log:
SonarScanner for MSBuild 6.1
Using the .NET Core version of the Scanner for MSBuild
Default properties file was found at /root/.dotnet/tools/.store/dotnet-sonarscanner/6.1.0/dotnet-sonarscanner/6.1.0/tools/netcoreapp3.1/any/SonarQube.Analysis.xml
Loading analysis properties from /root/.dotnet/tools/.store/dotnet-sonarscanner/6.1.0/dotnet-sonarscanner/6.1.0/tools/netcoreapp3.1/any/SonarQube.Analysis.xml
sonar.verbose=true was specified - setting the log verbosity to 'Debug'
Pre-processing started.
Preparing working directories...
Using environment variables to determine the download directory...
10:46:39.035 10:46:39.02 Loading analysis properties from /root/.dotnet/tools/.store/dotnet-sonarscanner/6.1.0/dotnet-sonarscanner/6.1.0/tools/netcoreapp3.1/any/SonarQube.Analysis.xml
10:46:39.035 10:46:39.034 sonar.verbose=true was specified - setting the log verbosity to 'Debug'
10:46:39.038 Updating build integration targets...
10:46:39.041 The file SonarQube.Integration.ImportBefore.targets is up to date at /root/.local/share/Microsoft/MSBuild/4.0/Microsoft.Common.targets/ImportBefore
10:46:39.041 The file SonarQube.Integration.ImportBefore.targets is up to date at /root/.local/share/Microsoft/MSBuild/10.0/Microsoft.Common.targets/ImportBefore
10:46:39.042 The file SonarQube.Integration.ImportBefore.targets is up to date at /root/.local/share/Microsoft/MSBuild/11.0/Microsoft.Common.targets/ImportBefore
10:46:39.042 The file SonarQube.Integration.ImportBefore.targets is up to date at /root/.local/share/Microsoft/MSBuild/12.0/Microsoft.Common.targets/ImportBefore
10:46:39.042 The file SonarQube.Integration.ImportBefore.targets is up to date at /root/.local/share/Microsoft/MSBuild/14.0/Microsoft.Common.targets/ImportBefore
10:46:39.042 The file SonarQube.Integration.ImportBefore.targets is up to date at /root/.local/share/Microsoft/MSBuild/15.0/Microsoft.Common.targets/ImportBefore
10:46:39.042 The file SonarQube.Integration.ImportBefore.targets is up to date at /root/.local/share/Microsoft/MSBuild/Current/Microsoft.Common.targets/ImportBefore
10:46:39.042 The file SonarQube.Integration.ImportBefore.targets is up to date at /root/Microsoft/MSBuild/15.0/Microsoft.Common.targets/ImportBefore
10:46:39.042 The file SonarQube.Integration.ImportBefore.targets is up to date at /root/Microsoft/MSBuild/Current/Microsoft.Common.targets/ImportBefore
10:46:39.043 Installed SonarQube.Integration.targets to /source/.sonarqube/bin/targets
10:46:39.044 Creating config and output folders...
10:46:39.045 Creating directory: /source/.sonarqube/conf
10:46:39.045 Creating directory: /source/.sonarqube/out
10:46:39.082 Fetching server version...
10:46:39.084 Downloading from https://<my_server_url>/api/server/version...
10:46:39.77 Unable to connect to server. Please check if the server is running and if the address is correct. Url: 'https://<my_server_url>/api/server/version'.
10:46:39.78 System.Security.Authentication.AuthenticationException: The remote certificate is invalid because of errors in the certificate chain: PartialChain
at System.Net.Security.SslStream.SendAuthResetSignal(ReadOnlySpan`1 alert, ExceptionDispatchInfo exception)
at System.Net.Security.SslStream.CompleteHandshake(SslAuthenticationOptions sslAuthenticationOptions)
at System.Net.Security.SslStream.ForceAuthenticationAsync[TIOAdapter](Boolean receiveFirst, Byte[] reAuthenticationData, CancellationToken cancellationToken)
at System.Net.Http.ConnectHelper.EstablishSslConnectionAsync(SslClientAuthenticationOptions sslOptions, HttpRequestMessage request, Boolean async, Stream stream, CancellationToken cancellationToken)
10:46:39.782 An error occured while querying the server version! Please check if the server is running and if the address is correct.
10:46:39.785 Pre-processing failed. Exit code: 1
But when we try to curl the same endpoint from the docker container it is returning the server version.
curl https://<my_server_url>/api/server/version
8.9.1.44547
We are using our own self signed certificate. And we are using only root certificate for the sonar cube server. In the docker file we are trusting the same root certificate and also able to curl without -k flag as mentioned above.
This is our docker file -
FROM mcr.microsoft.com/dotnet/sdk:8.0
WORKDIR /source
##Install Java
RUN apt-get update && \
apt-get install -y openjdk-17-jre-headless && \
apt-get clean;
# Install sonarscanner
RUN dotnet tool install --global dotnet-sonarscanner --version 6.1.0
## Set the dotnet tools folder in the PATH env variable
ENV PATH="${PATH}:/root/.dotnet/tools"
## Copy everything
COPY . .
## Trust certificate
COPY my_root_cert.crt /usr/local/share/ca-certificates
RUN update-ca-certificates
## Start scanner
RUN dotnet sonarscanner begin /k:"project_key" /d:sonar.host.url="https://my_server_url/sonarqube" /d:sonar.login="token" /d:sonar.verbose=true
## Build the app
RUN dotnet build -c Release
## Stop scanner
RUN dotnet sonarscanner end /d:sonar.login="token"
Also when we try to run the same dotnet sonarscanner command from our local machine(macOS) with the same credentials it is working fine.
Seems like same issue as this one - Dotnet sonarscanner running in a docker - How to install self-signed server certificate?
Thanks in advance !!