SonarPrepare Task Error: unable to get local issuer certificate

Hi community,
I’m using azure devops pipelines and SonarQube Server (developer edition), running on premise on a windows based server (Version: v2025.1.3)
As our wildcard certificate is going to expire, i added a new certificate to the server and registered it in IIS.

SonarQube is running as a local service on this machine and i configured the iis to work as a reverse proxy for SonarQube.

When I access SonarQube by browser, everything works fine. I can see the new certificate and the chain is marked a valid. Also when i check the site by using external scanners, there are no ssl issues found.
But since switching the certificate, by pipelines fail with an error:

# code block
[error][ERROR] SonarQube Server: Error while executing task Prepare: API GET '/api/server/version' failed. Error message: unable to get local issuer certificate.
[error]API GET '/api/server/version' failed. Error message: unable to get local issuer certificate.

I removed and reinstalled all certificates, tried to add the certificate in the jre trust cache manually (like mentioned here: https://stackoverflow.com/questions/55303439/azure-devops-prepare-analysis-on-sonarqube-task-fails-against-our-azure-hosted)
but nothing solved this issue…

Do you have any idea, how i can get rid of this error?

Hi,

Welcome to the community!

The docs should help.

 
Ann

Turns out, that we received a new ssl certicate from our supplier (sectigo), which uses a new root cert, which wasn’t compabitble with some clients (seems like the new root certificate wasn’t fully trusted or deployed on all clients). So changing the certificate (with a new one, using the old root cert) solved the issue!

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.