I’m seeing this issue with my ADO (scanners are using Java 11) on SQ version 9.9.8, Java 17, Windows + SQL Server 2022. I migrated this environment from another domain running on a lower version of Windows + SQL Server. Upgrading SQ to the latest LTA is not an option right now.
I’ve imported the Root CA cert to the JVM in both PEM and DER formats just to be safe. I’ve tried everything else mentioned here (NODE_EXTRA_CA_CERTS, installing the cert to the root store, etc.) and still the same issue.
The mentioned solution by sonarsource/stackoverflow was to download the intermediate cert from SQB via OpenSSL; however, the command is returning the same error as ADO, “Unable to verify the first certificate”. Here is part of the output (removed cert info). Any help would be appreciated, this is exhausting.
NODE_TLS_REJECT_UNAUTHORIZED=0 fixes the problem, but it isn’t a very good solution.
...
...
-----END CERTIFICATE-----
...
---
No client certificate CA names sent
Peer signing digest: SHA256
Peer signature type: RSA-PSS
Server Temp Key: X25519, 253 bits
---
SSL handshake has read 2038 bytes and written 412 bytes
Verification error: unable to verify the first certificate
---
New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
Server public key is 2048 bit
This TLS version forbids renegotiation.
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 21 (unable to verify the first certificate)
---
read:errno=104
---
Post-Handshake New Session Ticket arrived:
SSL-Session:
Protocol : TLSv1.3
...
...
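For reading `openssl s_client -showcerts` output like the above, here is an added example (not part of the original post): it parses the "Certificate chain" section and the verify return code, then reports which issuer the client could not locate. The sample output, host name and CA name are constructed placeholders, and the `diagnose` helper is hypothetical.

```python
import re

# Constructed sample of `openssl s_client -showcerts` output; all names are placeholders.
SAMPLE = """\
CONNECTED(00000003)
---
Certificate chain
 0 s:CN = sonarqube.example.internal
   i:CN = Example Issuing CA 01
-----BEGIN CERTIFICATE-----
(constructed placeholder, not a real certificate)
-----END CERTIFICATE-----
---
Verification error: unable to verify the first certificate
---
Verify return code: 21 (unable to verify the first certificate)
"""

# "<depth> s:<subject>" followed by "i:<issuer>" in the chain listing.
CHAIN_RE = re.compile(r"^[ \t]*(\d+) s:(.*)\n[ \t]+i:(.*)$", re.MULTILINE)
CODE_RE = re.compile(r"Verify return code: (\d+) \((.*?)\)")
# 20 = unable to get local issuer certificate
# 21 = unable to verify the first certificate (only one cert sent, not self-signed)
ISSUER_NOT_FOUND = {20, 21}


def diagnose(output):
    """Summarise the chain the server sent and name the issuer the client could not find."""
    chain = [(int(d), s.strip(), i.strip()) for d, s, i in CHAIN_RE.findall(output)]
    m = CODE_RE.search(output)
    code = int(m.group(1)) if m else None
    result = {
        "code": code,
        "reason": m.group(2) if m else None,
        "certs_sent": len(chain),
        "missing_issuer": None,
    }
    if chain and code in ISSUER_NOT_FOUND:
        _, subject, issuer = chain[-1]
        # The last certificate sent is not self-signed, so its issuer has to come
        # from the server's chain or from the client's own trust store.
        if subject != issuer:
            result["missing_issuer"] = issuer
    return result


if __name__ == "__main__":
    print(diagnose(SAMPLE))
```

When `certs_sent` is 1 and `missing_issuer` names an intermediate CA, the server is presenting only its leaf certificate, so a client that trusts only the root cannot build the path.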