Sonar-scanner-vsts fails with 401 when using self-signed certificate in SonarQube


I configured an instance of SonarQube using a self-signed certificate and managed to make it work by passing a certificate chain to Maven. I then proceded to configure it in our Azure Pipelines using the new HTTPS URL.

For the Prepare Analysis step of the pipeline, I similarly passed to node a certificate chain by configuring the NODE_EXTRA_CA_CERTS variable. Now I get an error at the Publish Quality Gate Result:

2020-06-16T16:19:14.5024631Z ##[debug][SQ] API GET: '/api/ce/task' with query "{"id":"S0m3H45h"}"
2020-06-16T16:19:14.5142681Z ##[debug]Response: 401 Body: "undefined"

I’ve tried to curl using the same id from my machine and it worked, so the id seems right (in some other questions the issued seemed to be with a commited report-task.txt which contained a different id).

$ curl --insecure

I’m at a loss about what else to try, and even a bit unsure if a certificate error would cause a 401 or fail even before that.

Can you help me?

Hi @lpacheco and welcome to the community !

I think the curl you tested might indeed not have the same behavior as node, as you bypass the certificate validation (with the insecure flag) which is not the case with node.

Are you sure about the token that you filled in the Service Endpoint configuration ? Can you make a full analysis with it, let’s say, on a local environment ?


Thank you for your answer, Mickaël!

I was wondering if it could be a problem with the token since I get an authorization error, but then wouldn’t the Prepare Analysis step fail too?