SonarLint + ZScaler certificate PKIX

Please provide

  • Operating system: Windows 10 and Mac OS 13
  • SonarLint plugin version: v3.14.0
  • Programming language you’re coding in: Python, C#
  • Is connected mode used:
    • Connected to SonarCloud or SonarQube (and which version): SonarQube Enterprise 8.9.9 (build 56886)

And a thorough description of the problem / question:
SonarQube cannot connect with the SonarQube server and present the following error

Suppressed: java.lang.NullPointerException: Cannot invoke “org.sonarsource.sonarlint.core.commons.http.HttpClient$Response.code()” because “response” is null
Caused by: PKIX path building failed: unable to find valid certification path to requested target
Caused by: unable to find valid certification path to requested target
at java.base/ Source)

When I disable ZScaler the problem doesn’t present. I believe the issue is with ZScaler, the question is what can be done about it as other applications work regardless of it.
It’d be important to find a solution to be implemented for all our developers and to disable ZScaler is out of question.

Hey there.

We feel your pain.

You will need to make sure that the Java installation used by SonarLint trusts the ZScaler root certificate. Something like:

sudo keytool -import -file ZscalerRootCertificate-2048-SHA256.crt -cacerts


Please also note that if you are using the Java runtime that is shipped with SonarLint, you have 2 options:

  • You can add the certificate to the trust store of the embedded runtime (which you’ll need to do after each update of the extension)
  • You can also create a separate trust store and refer to it in the SonarLint settings, with something like this in your user settings:
  "": ""

If you are specifying a Java runtime through, please make sure that you add the Zscaler root certificate to its trust store.

1 Like