SonarLint does not respect the certificates added in the IntelliJ's keystore

I’m hitting problem while trying to connect to SonarQube server with self-signed certificate. The certificate is imported in the IntelliJ’s server certificates but I’m not able to access the server.

Template for a good bug report, formatted with Markdown:

  • Versions used:
    IntelliJ version 2020.01 (Ultimate Edition)
    Build #UI-201-6668.121, build on April 8, 2020
    Runtime: 11.0.6+8-b765.25 amd64
    SonarLint version:
    SonarQube server - 8.2
    OS: Windows 10

  • Error observed (wrap logs/code around triple quote for proper formatting)Failed to connect to the server. Please check the configuration. Error: Fail to request https://sonar/api/system/status```

  • Steps to reproduce

  1. Install SonarLint in IntelliJ
  2. Add the needed certificate(s) in Settings -> Tools -> Server Certificates
  3. Try to add connection to SonarQube server that needs self-signed certificate via the configuration wizard
  • Current result:
    After the username and password are filled there is a Failed to connect to the server. Please check the configuration. Error: Fail to request https://sonar/api/system/status fail message is returned.
  • Expected result:
    Successful connection.
  • Potential workaround
    Unknown for now.

As workaround I have tried to add the certificates in the JRE’s keystore that IntelliJ is using to start. I found the JRE location via plugin called “Choose Runtime” provided by JetBrains. When I added the certificates I made check if I can connect to the needed SonarQube server via small java application. It worked. But the login via SonarLint plugin is still not working and the same error is there as output.

As another workout I have tried to add a java parameters info idea64.exe.vmoptions. I passed these parameters:
““C:…\JetBrains\IntelliJ IDEA 2019.2.1\jbr\lib\security\cacerts”“C:…\IntelliJ IDEA 2019.2.1\jbr\lib\security\cacerts””"
The values are full and the files exists. This again didn’t work for me.

In addition I have added the certificates in my JDK that is installed for building my projects. This didn’t work as well.

Do you have any suggestions how to make SonarLint plugin to use the provided certificates from the IntelliJ?

The problem is solved.
The hostname I was using was the shortcut for the fully qualified domain name. It must be the FQDN to work properly.
Additional logging:

java.lang.IllegalStateException: Fail to request https://sonar/api/system/status
	at org.sonarsource.sonarlint.core.container.connected.SonarLintWsClient.rawGet(
	at org.sonarsource.sonarlint.core.container.connected.SonarLintWsClient.get(
	at org.sonarsource.sonarlint.core.container.connected.validate.ServerVersionAndStatusChecker.lambda$fetchServerInfos$0(
	at org.sonarsource.sonarlint.core.container.connected.SonarLintWsClient.processTimed(
	at org.sonarsource.sonarlint.core.container.connected.validate.ServerVersionAndStatusChecker.fetchServerInfos(
	at org.sonarsource.sonarlint.core.container.connected.validate.ServerVersionAndStatusChecker.checkVersionAndStatus(
	at org.sonarsource.sonarlint.core.container.connected.validate.ServerVersionAndStatusChecker.checkVersionAndStatus(
	at org.sonarsource.sonarlint.core.WsHelperImpl.validateConnection(
	at org.sonarsource.sonarlint.core.WsHelperImpl.validateConnection(
	at com.intellij.openapi.progress.impl.CoreProgressManager$
	at com.intellij.openapi.progress.impl.CoreProgressManager$
	at com.intellij.openapi.progress.impl.ProgressRunner.lambda$new$0(
	at com.intellij.openapi.progress.impl.ProgressRunner.lambda$null$3(
	at com.intellij.openapi.progress.impl.CoreProgressManager.lambda$runProcess$2(
	at com.intellij.openapi.progress.impl.CoreProgressManager.registerIndicatorAndRun(
	at com.intellij.openapi.progress.impl.CoreProgressManager.executeProcessUnderProgress(
	at com.intellij.openapi.progress.impl.ProgressManagerImpl.executeProcessUnderProgress(
	at com.intellij.openapi.progress.impl.CoreProgressManager.runProcess(
	at com.intellij.openapi.progress.impl.ProgressRunner.lambda$submit$4(
	at java.base/java.util.concurrent.CompletableFuture$
	at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(
	at java.base/java.util.concurrent.ThreadPoolExecutor$
	at java.base/
Caused by: Hostname sonar not verified:```
1 Like

Thanks for the follow up, and glad you managed to fix your issue!

Just to add for this — the shortcut probably can work, but would need to be listed in the SubjectAltNames part of the certificate installed! Based on the error (hostname not verified) it probably isn’t.