Sonar to Jenkins via SSL

Must-share information (formatted with Markdown):

  • 9.2.4.50792
  • Have SonarQube trust the corporate-issued SSL certificate installed on our Jenkins master node
  • Post here first

Hey there.

You’ll need to adjust the certificates that the JVM running your SonarQube server trusts. Adjusting the truststore to add the certificate and restarting your SonarQube server should resolve the issue.

Hi Colin, thank you for the reply.

One of the challenges preventing the import was identifying which truststore is being used by SonarQube.

We have the following default truststores:

/etc/pki/ca-trust/extracted/java/cacerts
/etc/pki/java/cacerts
/usr/lib/jvm/java-11-openjdk-11.0.13.0.8-1.el7_9.x86_64/lib/security/cacerts

/usr/lib/jvm/java-11-openjdk-11.0.13.0.8-1.el7_9.x86_64/lib/security/cacerts → /etc/pki/java/cacerts (symlink) → this one has been updated, but it did not make a difference for us.

Also, from the OS itself, we can curl the Jenkins master URL without issues or any TLS-related warning.
Is there any additional logging we can look at to see what might be going on exactly?

Hey there.

Can you clarify where exactly you’re receiving the error, and what error you’re receiving? What is trying to get in touch with what, and while doing what (scanning, webhooks, etc.)?

  • If you change the certs installed in the JVM running your SonarQube server, the SonarQube server will need to be fully restarted (./sonar.sh restart)
  • SSLPoke is a useful tool to see if the changes you made to your cert store actually solve the connection issue
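
An added example, not part of the original thread and not SonarQube's or SSLPoke's own code: a small probe in the spirit of SSLPoke that also reports which truststore file the JVM resolves by default, with symlinks followed. The class name `TrustProbe` is hypothetical; it assumes it is run with the same `java` binary and the same `-Djavax.net.ssl.*` options as the SonarQube process.

```java
import java.io.File;
import java.io.IOException;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;

public class TrustProbe {
    // JSSE default lookup order: -Djavax.net.ssl.trustStore, then jssecacerts, then cacerts.
    static String effectiveTrustStore() throws IOException {
        String explicit = System.getProperty("javax.net.ssl.trustStore");
        if (explicit != null) return explicit + " (set via javax.net.ssl.trustStore)";
        File dir = new File(System.getProperty("java.home"), "lib/security");
        File jsse = new File(dir, "jssecacerts");
        // getCanonicalPath() follows symlinks, so the real file on disk is shown.
        return (jsse.exists() ? jsse : new File(dir, "cacerts")).getCanonicalPath();
    }

    public static void main(String[] args) throws Exception {
        if (args.length != 2) {
            System.err.println("usage: java TrustProbe <host> <port>");
            System.exit(2);
        }
        System.out.println("java.home:  " + System.getProperty("java.home"));
        System.out.println("truststore: " + effectiveTrustStore());
        SSLSocketFactory factory = (SSLSocketFactory) SSLSocketFactory.getDefault();
        try (SSLSocket socket = (SSLSocket) factory.createSocket(args[0], Integer.parseInt(args[1]))) {
            socket.setSoTimeout(10_000);
            // Verify the hostname as an HTTPS client would, not only the chain.
            SSLParameters params = socket.getSSLParameters();
            params.setEndpointIdentificationAlgorithm("HTTPS");
            socket.setSSLParameters(params);
            socket.startHandshake();
            SSLSession session = socket.getSession();
            System.out.println("handshake OK: " + session.getProtocol() + " " + session.getCipherSuite());
            for (Certificate c : session.getPeerCertificates()) {
                X509Certificate x = (X509Certificate) c;
                System.out.println("  subject=" + x.getSubjectX500Principal()
                        + " | issuer=" + x.getIssuerX500Principal());
            }
        } catch (SSLException e) {
            // A PKIX path building error here means the issuing CA is not in the truststore printed above.
            System.out.println("handshake FAILED: " + e.getMessage());
            System.exit(1);
        }
    }
}
```

If the probe succeeds while SonarQube still reports a TLS error, SonarQube is either running under a different JVM or connecting to a different URL than the one tested.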

Hi Colin,

The resolution was in the Administration part of the SonarQube configs → Webhooks: there was a URL to Jenkins that needed to be updated.